源码编译
下载
root@nginx \~# wget https://nginx.org/download/nginx-1.28.1.tar.gz
解压
root@nginx \~# tar zxf nginx-1.28.1.tar.gz
root@nginx \~# cd nginx-1.28.1/
安装依赖
root@nginx nginx-1.28.1# dnf install gcc openssl-devel.x86_64 pcre2-devel.x86_64 zlib-devel -y
编译
root@nginx nginx-1.28.1# make
root@nginx nginx-1.28.1# make install
nginx启动
root@nginx \~# vim ~/.bash_profile
2 export PATH=$PATH:/usr/local/nginx/sbin
root@nginx \~# source ~/.bash_profile
root@nginx \~# useradd -s /sbin/nologin -M nginx
root@nginx \~# nginx #启动
root@nginx \~# ps aux | grep nginx
root 1828 0.0 0.6 30768 23680 pts/0 T 20:23 0:00 wget https://nginx.org/download/nginx-1.28.1.tar.gz
root 8453 0.0 0.0 14688 2360 ? Ss 20:36 0:00 nginx: master process nginx
nginx 8454 0.0 0.1 14888 3896 ? S 20:36 0:00 nginx: worker process
root 8459 0.0 0.0 6636 2176 pts/0 S+ 20:37 0:00 grep --color=auto nginx
测试
root@nginx \~# echo 172.25.254.10 > /usr/local/nginx/html/index.html
root@nginx \~# curl 172.25.254.10
172.25.254.10
编写启动文件
root@nginx \~# vim /lib/systemd/system/nginx.service
Unit
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
Service
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
Install
WantedBy=multi-user.target
root@nginx \~# systemctl daemon-reload
验证
root@nginx \~# systemctl enable --now nginx #开机启动
root@nginx \~# reboot
Nginx的平滑升级及回滚
下载高版本压缩包
root@nginx \~# wget https://nginx.org/download/nginx-1.29.4.tar.gz
解压
root@nginx \~# tar zxf nginx-1.29.4.tar.gz
隐藏版本
root@nginx \~# vim nginx-1.29.4/src/core/nginx.h
13 #define NGINX_VERSION ""
编译
root@nginx nginx-1.29.4# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http__v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --wtith-stream_ssl_module --with-stream_realip_module
root@nginx nginx-1.29.4# make
root@nginx nginx-1.29.4# cd objs/
查看是否有nginx
root@nginx sbin# cp nginx nginx.old
root@nginx sbin# \cp -f /root/nginx-1.29.4/objs/nginx /usr/local/nginx/sbin/nginx
root@nginx sbin# ps aux | grep nginx
root 899 0.0 0.0 14688 2220 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 901 0.0 0.1 14888 3884 ? S 20:48 0:00 nginx: worker process
root 4763 0.0 0.0 6636 2176 pts/0 S+ 21:00 0:00 grep --color=auto nginx
root@nginx sbin# kill -USR2 899 #结束nginx master进程
回收旧版本子进程
root@nginx sbin# ps aux | grep nginx
root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 901 0.0 0.1 14888 3884 ? S 20:48 0:00 nginx: worker process
root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process
root 4796 0.0 0.0 6636 2176 pts/0 S+ 21:03 0:00 grep --color=auto nginx
root@nginx sbin# kill -WINCH 899
root@nginx sbin# ps aux | grep nginx
root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process
root 4798 0.0 0.0 6636 2176 pts/0 S+ 21:04 0:00 grep --color=auto nginx
版本回退
root@nginx sbin# cd /usr/local/nginx/sbin/
root@nginx sbin# cp nginx nginx.new -p
将旧版本的nginx.old改回nginx
root@nginx sbin# \cp nginx .old nginx -pf
root@nginx sbin# ps aux | grep nginx
root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process
root 4847 0.0 0.0 6636 2176 pts/0 S+ 21:06 0:00 grep --color=auto nginx
root@nginx sbin# kill -HUP 899
root@nginx sbin# ps aux | grep nginx
root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process
nginx 4849 0.0 0.1 14888 3884 ? S 21:08 0:00 nginx: worker process
root 4851 0.0 0.0 6636 2176 pts/0 S+ 21:09 0:00 grep --color=auto nginx
root@nginx sbin# nginx -V
nginx version: nginx/1.28.1 #旧版本
built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
回收新版本进程
root@nginx sbin# kill -WINCH 4783
Nginx配置文件的管理及优化参数
root@nginx \~# vim /usr/local/nginx/conf/nginx.conf
2 user nginx;
root@nginx \~# nginx -t #查看是否有配置语法错误
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
root@nginx \~# nginx -s reload #重启nginx
将处理器数量设置为1内核数量设置为4,设置好后重启系统
root@nginx \~# vim /usr/local/nginx/conf/nginx.conf
3 worker_processes 2;
root@nginx \~# nginx -s reload
root@nginx \~# vim /usr/local/nginx/conf/nginx.conf
3 worker_processes auto;
4 worker_cpu_affinity 0001 0010 0100 1000;
root@nginx \~# nginx -s reload
root@nginx \~# vim /usr/local/nginx/conf/nginx.conf
12 events {
13 worker_connections 10000; #nginx最大连接数
14 use epoll;
15 accept_mutex on;
16 multi_accept on;
17 }
root@nginx \~# nginx -s reload
root@nginx \~# dnf install httpd-tools-2.4.62-4.el9.x86_64 -y
root@nginx \~# ab -n 10000 -c5000 http://172.25.254.10/index.html
This is ApacheBench, Version 2.3 <Revision: 1913912 >
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.254.10 (be patient)
socket: Too many open files (24) #访问过多请求失败
处理本地文件系统的并发文件数量
root@nginx \~# vim /etc/security/limits.conf
60 * - nofile 10000
61 * - nofile 10000
62 root - nofile 10000
root@nginx \~# sudo -u nginx ulimit -n
10000
root@nginx \~# ulimit -n 10000
测试
KeepAlived长链接优化
设置连接时长
root@nginx \~# vim /usr/local/nginx/conf/nginx.conf
34 keepalive_timeout 5;
root@nginx \~# vim /etc/hosts
172.25.254.10 nginx www.qqq.com
root@nginx \~# telnet www.qqq.com 80
再输入下面两行后按回车两次
设置最大连接次数
root@nginx \~# vim /usr/local/nginx/conf/nginx.conf
35 keepalive_requests 3;
root@nginx \~# telnet www.qqq.com 80
Trying 172.25.254.10...
Connected to www.qqq.com.
Escape character is '^]'.
GET / HTTP/1.1 #第一次连接
Host: www.qqq.com
HTTP/1.1 200 OK
Server: nginx/1.28.1
Date: Mon, 23 Feb 2026 14:03:07 GMT
Content-Type: text/html
Content-Length: 14
Last-Modified: Mon, 23 Feb 2026 12:38:30 GMT
Connection: keep-alive
Keep-Alive: timeout=100
ETag: "699c4a46-e"
Accept-Ranges: bytes
172.25.254.10
GET / HTTP/1.1 #第二次连接
Host: www.qqq.com
HTTP/1.1 200 OK
Server: nginx/1.28.1
Date: Mon, 23 Feb 2026 14:03:17 GMT
Content-Type: text/html
Content-Length: 14
Last-Modified: Mon, 23 Feb 2026 12:38:30 GMT
Connection: keep-alive
Keep-Alive: timeout=100
ETag: "699c4a46-e"
Accept-Ranges: bytes
172.25.254.10
GET / HTTP/1.1 #第三次连接
Host: www.qqq.com
HTTP/1.1 200 OK
Server: nginx/1.28.1
Date: Mon, 23 Feb 2026 14:03:27 GMT
Content-Type: text/html
Content-Length: 14
Last-Modified: Mon, 23 Feb 2026 12:38:30 GMT
Connection: close
ETag: "699c4a46-e"
Accept-Ranges: bytes
172.25.254.10
Connection closed by foreign host. #连接关闭
Location 字符匹配详解
Location后什么都不带直接指定目录
root@nginx conf# mkdir /usr/local/nginx/conf/conf.d
root@nginx conf# vim /usr/local/nginx/conf/nginx.conf
84 include "/usr/local/nginx/conf/conf.d/*.conf";
null改为大写访问不了
=
用于标准uri前,需要请求字串与uri精确匹配,大小敏感,如果匹配成功就停止向下匹配并立即处理请求
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location /null {
return 200 "/null-1";
}
location = /null {
return 200 "=";
}
location ~ /null {
return 200 "~";
}
}
精确匹配
^~
#用于标准uri前,表示包含正则表达式,并且匹配以指定的正则表达式开头 #对uri的最左边部分做匹配检查,不区分字符大小写
root@nginx conf.d# vim vhosts.conf
1 server {
2 listen 80;
3 server_name www.qqq.com;
4 location /null {
5 return 200 "/null-1";
6 }
7 location ^~ /aaa {
8 return 200 "~";
9 }
10 }
root@nginx conf.d# nginx -s reload
凡是aaa开头的都能匹配到
~
用于标准uri前,表示包含正则表达式,并且区分大小写
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location /null {
return 200 "/null-1";
}
location ^~ /aaa {
return 200 "~";
}
location ~ /lll {
return 200 "lll"
}
}
root@nginx conf.d# nginx -s reload
~*
用于标准uri前,表示包含正则表达式,并且不区分大写
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location /null {
return 200 "/null-1";
}
location ^~ /aaa {
return 200 "~";
}
location ~ /lll {
return 200 "lll";
}
location ~* /abc {
return 200 "nihao";
}
}
root@nginx conf.d# nginx -s reload
root@nginx conf.d# curl www.qqq.com/abc
nihaoroot@nginx conf.d# curl www.qqq.com/ABC
nihaoroot@nginx conf.d# curl www.qqq.com/Abc
nihaoroot@nginx conf.d#
/
用于标准uri前,表示包含正则表达式并且转义字符。可以将 . * ?等转义为普通符号
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location /null {
return 200 "/null-1";
}
location ^~ /aaa {
return 200 "~";
}
location ~ /lll {
return 200 "lll";
}
location ~* /abc {
return 200 "nihao";
}
location ~* \.(com|org)${ #以.com或.org结尾
return 200 "\\\";
}
}
root@nginx conf.d# nginx -s reload
#匹配优先级从高到低: =, ^~, ~/~*, 不带符号
服务访问的用户认证
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location /admin {
root /usr/loacl/nginx/html;
auth_basic "login passwd";
auth_basic_user_file "/usr/local/nginx/conf/.htpasswd";
}
}
root@nginx conf.d# systemctl restart nginx.service
自定义错误界面
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
error_page 404 405 503 502 /error;
location /admin {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
}
自定义错误日志
root@nginx conf.d# vim vhosts.conf
root@nginx conf.d# mkdir -p /usr/local/nginx/logs/aaa.org/
root@nginx conf.d# vim vhosts.conf
root@nginx conf.d# systemctl restart nginx.service
root@nginx conf.d# cd /usr/local/nginx/logs/aaa.org/
root@nginx aaa.org# ll
总用量 0
-rw-r--r--. 1 root root 0 2月 23 23:38 aaa.error
root@nginx aaa.org# curl www.qqq.com/admin
no file
root@nginx aaa.org# cat aaa.error
2026/02/23 23:38:54 error 3598#0: *1 open() "/usr/local/nginx/html/admin" failed (2: No such file or directory), client: 172.25.254.10, server: www.qqq.com, request: "GET /admin HTTP/1.1", host: "www.qqq.com"
Nginx中建立下载服务器
下载服务器配置
root@nginx \~# mkdir -p /usr/local/nginx/download
root@nginx \~# cp /etc/passwd /usr/local/nginx/download/
root@nginx \~# dd if=/dev/zero of=/usr/local/nginx/download/bigfile bs=1M count=100
记录了100+0 的读入
记录了100+0 的写出
104857600字节(105 MB,100 MiB)已复制,0.0428074 s,2.4 GB/s
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
12 location /download {
13 root /usr/local/nginx;
14 }
root@nginx \~# nginx -s reload
启用列表功能
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
14 autoindex on;
root@nginx \~# nginx -s reload
访问成功
下载控速
控速前
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
15 limit_rate 1024k;
root@nginx \~# nginx -s reload
控速后
显示文件大小
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
16 autoindex_exact_size off;
root@nginx \~# nginx -s reload
显示时间调整
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
17 autoindex_localtime on;
root@nginx \~# nginx -s reload
设定页面风格
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
18 autoindex_format html;
root@nginx \~# nginx -s reload
18 autoindex_format xml;
html
xml
json
18 autoindex_format json;
Nginx的文件检测
root@nginx \~# echo default > /usr/local/nginx/errorpage/default.html
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
7 try_files uri uri.html $uri/index.html /default.html;
root@nginx \~# nginx -s reload
nginx状态页
root@nginx \~# htpasswd -cmb /usr/local/nginx/conf/conf.d/.htpasswd admin 1
Adding password for user admin
root@nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf
1 server {
2 listen 80;
3 server_name www.qqq.com;
4 location /status {
5 stub_status;
6 auth_basic "auth login";
7 auth_basic_user_file /usr/local/nginx/conf/conf.d/.htpasswd;
8 allow 172.25.254.0/24;
9 deny all;
10 }
11 }
root@nginx \~# nginx -s reload
Nginx的压缩功能
root@nginx \~# mkdir -p /usr/local/nginx/www.qqq.com/qqq/html
root@nginx conf.d# vim /usr/local/nginx/conf/nginx.conf
36 gzip on;
37 gzip_comp_level 4;
38 gzip_disable "MSIE 1-6\.";
39 gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript applicati on/x-httpd-php image/gif image/png;
40 gzip_vary on;
41 gzip_static on;
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /usr/local/nginx/www.qqq.com/qqq/html;
location /status {
stub_status;
auth_basic "auth login";
auth_basic_user_file /usr/local/nginx/conf/conf.d/.htpasswd;
allow 172.25.254.0/24;
deny all;
}
}
root@nginx conf.d# nginx -s reload
nginx变量
升级Nginx支持echo
root@nginx conf.d# systemctl stop nginx.service #停止nginx服务
下载
root@nginx nginx-1.28.1# tar zxf echo-nginx-module-0.64.tar.gz
root@nginx nginx-1.28.1# cd nginx-1.28.1/
root@nginx nginx-1.28.1# make clean
root@nginx nginx-1.28.1# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64
root@nginx nginx-1.28.1# rm -rf /usr/local/nginx/sbin/nginx
root@nginx nginx-1.28.1# cp objs/nginx /usr/local/nginx/sbin/ -P
root@nginx nginx-1.28.1# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /usr/local/nginx/www.qqq.com/qqq/html;
location /vars {
default_type text/html;
echo $remote_addr;
}
}
root@nginx nginx-1.28.1# nginx -s reload
root@nginx nginx-1.28.1# systemctl restart nginx.service
理解内建变量
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /usr/local/nginx/www.qqq.com/qqq/html;
location /vars {
default_type text/html;
echo $args;
}
}
root@nginx conf.d# nginx -s reload
$host; #存放了请求的host名称
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /usr/local/nginx/www.qqq.com/qqq/html;
location /vars {
default_type text/html;
echo $host;
}
}
$scheme; #请求的协议,例如:http,https,ftp等
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /usr/local/nginx/www.qqq.com/qqq/html;
location /vars {
default_type text/html;
echo $scheme;
}
}
root@nginx conf.d# vim vhosts.conf
1 server {
2 listen 80;
3 server_name www.qqq.com;
4 root /usr/local/nginx/www.qqq.com/qqq/html;
5 location /vars {
6 default_type text/html;
7 echo $remote_addr;
8 echo $args;
9 echo $is_args;
10 echo $document_root;
11 echo $document_uri;
12 echo $host;
13 echo $remote_port;
14 echo $remote_user;
15 echo $request_method;
16 echo $request_filename;
17 echo $request_uri;
18 echo $scheme;
19 echo $server_protocol;
20 echo $server_addr;
21 echo $server_name;
22 echo $server_port;
23 echo $http_user_agent;
24 echo $cookie_key2;
25 echo $http_user_agent;
26 echo $sent_http_content_type;
27 set $test lee;
28 echo $test;
29 set web_port server_port;
30 echo $web_port;
网页从写
网页重写中的指令
root@nginx conf.d# vim vhosts.conf
1 server {
2 listen 80;
3 server_name www.qqq.com;
4 root /webdir/www.qqq.com/qqq/html;
5 location /vars {
6 echo $remote_user;
7 echo $request_method;
8 echo $request_filename;
9 echo $request_uri;
10 echo $scheme;
11 }
12 location / {
13 if ( $http_user_agent ~* firfox ){
14 return 200 "test if messages";
15 }
16 }
17 }
root@nginx conf.d# nginx -s reload
root@nginx conf.d# mkdir /webdir/www.qqq.com/qqq/html -p
root@nginx conf.d# vim /webdir/www.qqq.com/qqq/html/index.html
nihao
未指定浏览器
指定firefox浏览器
set
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /webdir/www.qqq.com/qqq/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
set $testname qqq;
echo $testname;
}
}
root@nginx conf.d# nginx -s reload
return
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /webdir/www.qqq.com/qqq/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
return 200 "nihao";
}
}
root@nginx conf.d# nginx -s reload
break
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /webdir/www.qqq.com/qqq/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
set $test1 aaa;
echo $test1;
set $test2 bbb;
echo $test2;
if ($http_user_agent = firefox) {
break;
}
set $test3 ccc;
echo $test3;
}
}
测试
root@nginx conf.d# nginx -s reload
root@nginx conf.d# curl www.qqq.com
aaa
bbb
ccc
root@nginx conf.d# curl -A "firefox" www.qqq.com
aaa
bbb
root@nginx conf.d#
redirect
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /webdir/www.qqq.com/qqq/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
rewrite / http://www.baidu.com redirect;
}
}
root@nginx conf.d# nginx -s reload
测试
permanent
#重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端 #由客户端重新发起请求,状态码:301
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /webdir/www.qqq.com/qqq/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
rewrite / http://www.baidu.com permanent;
}
}
root@nginx conf.d# nginx -s reload
break&last
root@nginx conf.d# mkdir /webdir/www.qqq.com/qqq/html/{break,last,test1,test2}
root@nginx conf.d# echo break > /webdir/www.qqq.com/qqq/html/break/index.html
root@nginx conf.d# echo last > /webdir/www.qqq.com/qqq/html/last/index.html
root@nginx conf.d# echo test1 > /webdir/www.qqq.com/qqq/html/test1/index.html
root@nginx conf.d# echo test2 > /webdir/www.qqq.com/qqq/html/test2/index.html
root@nginx conf.d# vim vhosts.conf
1 server {
2 listen 80;
3 server_name www.qqq.com;
4 root /webdir/www.qqq.com/qqq/html;
5 location /vars {
6 echo $remote_user;
7 echo $request_method;
8 echo $request_filename;
9 echo $request_uri;
10 echo $scheme;
11 }
12 location /break {
13 rewrite /break/(.*) /test/$1 break;
14 rewrite /test1 /test2;
15
16 }
17 location /test1 {
18 return 200 "test1";
19 }
20 location /test2 {
21 return 200 "test2";
22 }
23 }
root@nginx conf.d# nginx -s reload
root@nginx conf.d# curl -L http://www.qqq.com/break/index.html
test1
last
root@nginx conf.d# curl -L http://www.qqq.com/break/index.html
test2
防盗链
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
root /webdir/www.qqq.com/qqq/html;
location / {
valid_referers none blocked server_names *.qqq.com ~/.baidu/.;
if ( $invalid_referer ){
return 404;
}
}
location /img{
valid_referers none blocked server_names *.qqq.com ~/.baidu/.;
if ( $invalid_referer ){
rewrite ^/ http://www.qqq.com/daolian/daolian.png;
}
}
}
root@nginx conf.d# nginx -s reload
root@client \~# vim /var/www/html/index.html
root@client \~# systemctl restart httpd.service
nginx反向代理
rs1和rs2主机配置
root@rs1 \~# dnf install httpd -y
root@rs2 \~# dnf install httpd -y
root@rs1 \~# echo 172.25.254.20 > /var/www/html/index.html
root@rs2 \~# echo 172.25.254.30 > /var/www/html/index.html
root@rs1 \~# systemctl restart httpd
root@rs2 \~# systemctl restart httpd
测试
root@rs1 \~# curl 172.25.254.20
172.25.254.20
root@rs1 \~# curl 172.25.254.30
172.25.254.30
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location / {
proxy_pass http://172.25.254.20:80;
}
location /web {
proxy_pass http://172.25.254.30:80;
}
}
proxy_hide_header filed
可以看到etag
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location / {
proxy_pass http://172.25.254.20:80;
proxy_hide_header ETag;
}
}
root@nginx conf.d# nginx -s reload
etag被隐藏了
proxy_pass_header
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location / {
proxy_pass http://172.25.254.20:80;
proxy_pass_header Server;
}
}
root@nginx conf.d# nginx -s reload
透传信息
root@rs1 \~# vim /etc/httpd/conf/httpd.conf
201 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location / {
proxy_pass http://172.25.254.20:80;
proxy_set_header X-Forwarded $remote_addr;
}
}
root@nginx conf.d# nginx -s reload
利用反向代理实现动静分离
环境
root@rs1 \~# dnf install httpd -y
root@rs1 \~# systemctl restart httpd.service
<?php
echo "<h2>172.25.254.10</h2>";
phpinfo();
?>
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location / {
proxy_pass http://172.25.254.20:80;
}
location ~* \.(php|js)$ {
proxy_pass http://172.25.254.20:80;
}
}
静态
动态
缓存加速
root@nginx conf.d# vim /usr/local/nginx/conf/nginx.conf
41 proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location / {
proxy_pass http://172.25.254.30:80;
}
location ~* \.(php|js)$ {
proxy_pass http://172.25.254.20:80;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 1m;
}
}
root@nginx conf.d# systemctl restart nginx
root@nginx conf.d# tree /usr/local/nginx/proxy_cache/
/usr/local/nginx/proxy_cache/
0 directories, 0 files
对比上次失败请求少很多了
root@nginx conf.d# tree /usr/local/nginx/proxy_cache/
/usr/local/nginx/proxy_cache/
└── 1
└── af
└── 15
└── e251273eb74a8ee3f661a7af00915af1
3 directories, 1 file
反向负载代理
root@nginx conf.d# vim /usr/local/nginx/conf/nginx.conf
22 include "/usr/local/nginx/conf/upstream/*.conf";
root@nginx conf.d# vim /usr/local/nginx/conf/upstream/loadbalance.conf
upstream webserver {
server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3;
server 172.25.254.30:80 weight=1 fail_timeout=15s max_fails=3;
server 172.25.254.10:8888 backup;
}
server {
listen 80;
server_name www.qqq.com;
location ~ / {
proxy_pass http://webserver;
}
}
root@nginx conf.d# mkdir /webdir/www.qqq.com/qqq/error/html/ -p
root@nginx conf.d# echo error > /webdir/www.qqq.com/qqq/error/html/index.html
root@nginx conf.d# vim vhosts.conf
server {
listen 8888;
root /webdir/www.qqq.com/qqq/error/html;
}
root@nginx conf.d# nginx -s reload
停止主机rs1和rs2的httpd服务
root@rs1 \~# systemctl stop httpd.service
root@rs2 \~# systemctl stop httpd.service
Nginx负载均衡算法
root@nginx conf.d# vim /usr/local/nginx/conf/upstream/loadbalance.conf
upstream webserver {
hash $cookie_lee;
server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3;
server 172.25.254.30:80 weight=1 fail_timeout=15s max_fails=3;
}
server {
listen 80;
server_name www.qqq.com;
location ~ / {
proxy_pass http://webserver;
}
}
nginx整合php
root@nginx conf.d# mkdir /webdir/www.qqq.com/php/html -p
root@nginx conf.d# echo 172.25.254.10php > /webdir/www.qqq.com/php/html/index.html
root@nginx conf.d# vim php.conf
server {
listen 80;
server_name www.qqq.php;
root /webdir/www.qqq.com/php/html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
测试
PHP的源码编译
root@nginx \~# wget https://www.php.net/distributions/php-8.3.30.tar.gz
下载依赖
root@nginx \~# wget https://mirrors.aliyun.com/rockylinux/9.7/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm
root@nginx php-8.3.30# tar zxf php-8.3.30.tar.gz
root@nginx php-8.3.30# dnf install gcc systemd-devel-252-51.el9.x86_64 libxml2-devel.x86_64 sqlite-devel.x86_64 libcurl-devel.x86_64 libpng-devel.x86_64 oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm -y
编译
root@nginx php-8.3.30# cd php-8.3.30/
root@nginx php-8.3.30# ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
root@nginx php-8.3.30# make
root@nginx php-8.3.30# make install
root@nginx php-8.3.30# cd /usr/local/php/etc/
root@nginx etc# cp -p php-fpm.conf.default php-fpm.conf
root@nginx etc# vim php-fpm.conf
17 pid = run/php-fpm.pid
root@nginx etc# cd php-fpm.d/
root@nginx php-fpm.d# cp www.conf.default www.conf
root@nginx php-fpm.d# vim www.conf
41 listen = 0.0.0.0:9000
root@nginx \~# cd /usr/local/php/etc/
root@nginx etc# cd php-fpm.d/
root@nginx php-fpm.d# cp www.conf.default www.conf
root@nginx nginx-1.28.1# mv php-8.3.30 ../php-8.3.30
root@nginx \~# cp php-8.3.30/php.ini-production /usr/local/php/etc/php.ini
root@nginx \~# vim /usr/local/php/etc/php.ini
989 date.timezone = Asia/Shangha
root@nginx php-fpm.d# cp /root/php-8.3.30/sapi/fpm/php-fpm.service /lib/systemd/system/
root@nginx php-fpm.d# vim /lib/systemd/system/php-fpm.service
root@nginx php-fpm.d# vim /lib/systemd/system/php-fpm.service
18 #PrivateTmp=true
root@nginx php-fpm.d# systemctl daemon-reload
root@nginx php-fpm.d# systemctl enable --now php-fpm.service
查看是否开启
root@nginx php-fpm.d# netstat -anltupe | grep php
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 0 172393 144771/php-fpm: mas
设定环境变量
root@nginx php-fpm.d# vim ~/.bash_profile
.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/sbin:/usr/local/php/bin
Get the aliases and functions
if -f \~/.bashrc ; then
. ~/.bashrc
fi
User specific environment and startup programs
利用memcache实现php的缓存加速
安装
root@nginx php-fpm.d# dnf install memcached.x86_64 -y
配置
root@nginx php-fpm.d# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 0.0.0.0,::1"
重启
root@nginx php-fpm.d# systemctl enable --now memcached.service
查看是否开启
root@nginx php-fpm.d# netstat -antulpe | grep memcache
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 991 174294 145476/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 991 174295 145476/memcached
升级php对于memcache的支持
解压
root@nginx \~# gunzip memc-nginx-module-0.20.gz
root@nginx \~# cd memcache-8.2/
root@nginx memcache-8.2# dnf install autoconf -y
root@nginx memcache-8.2# phpize
root@nginx memcache-8.2# ./configure && make && make install
root@nginx memcache-8.2# ls /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/
root@nginx memcache-8.2# vim /usr/local/php/etc/php.ini
939 extension=memcache
root@nginx memcache-8.2# systemctl restart php-fpm.service
root@nginx memcache-8.2# php -m | grep memcache
memcache
nginx+memcache实现高速缓存解
重新编译nginx
root@nginx \~# systemctl stop nginx.service
root@nginx \~# cp /usr/local/nginx/conf/ /mnt/ -r
root@nginx \~# rm -fr /usr/local/nginx/
root@nginx \~# rm -rf nginx-1.29.4 nginx-1.28.1
root@nginx \~# tar zxf nginx-1.28.1.tar.gz
root@nginx \~# cd nginx-1.28.1/
root@nginx nginx-1.28.1# cd ..
root@nginx \~# tar zxf srcache-nginx-module-0.33.tar.gz
root@nginx \~# tar zxf memc-nginx-module-0.20.tar.gz
root@nginx conf# cp /mnt/conf/nginx.conf /mnt/conf/conf.d/ -r
root@nginx conf# systemctl restart nginx.service
整合memcache
root@nginx conf# vim /usr/local/nginx/conf/conf.d/php.conf
upstream memcache {
server 127.0.0.1:11211;
keepalive 512;
}
server {
listen 80;
server_name php.timinglee.org;
root /webdir/timinglee.org/php/html;
index index.php index.html;
location /memc {
internal;
memc_connect_timeout 100ms;
memc_send_timeout 100ms;
memc_read_timeout 100ms;
set memc_key query_string;
set $memc_exptime 300;
memc_pass memcache;
}
location ~ \.php$ {
set key uri$args;
srcache_fetch GET /memc $key;
srcache_store PUT /memc $key;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
Nginx的四层负载均衡代理
rs主机下载mysql
root@rs1 \~# dnf install mariadb-server -y
root@rs1 \~# vim /etc/my.cnf.d/mariadb-server.cnf
17 server-id=10
root@rs1 \~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.5.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB (none)> CREATE USER 'rrr'@'%' identified '1';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1'' at line 1
MariaDB (none)> CREATE USER 'rrr'@'%' identified by '1';
Query OK, 0 rows affected (0.001 sec)
MariaDB (none)> GRANT ALL ON *.* TO 'rrr'@'%';
Query OK, 0 rows affected (0.001 sec)
MariaDB (none)> quit
Bye
root@rs2 \~# dnf install mariadb-server -y
root@rs2 \~# vim /etc/my.cnf.d/mariadb-server.cnf
17 server-id=20
root@rs2 \~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.5.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB (none)> CREATE USER 'rrr'@'%' indentified by '1';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'indentified by '1'' at line 1
MariaDB (none)> CREATE USER 'rrr'@'%' identified by '1';
Query OK, 0 rows affected (0.002 sec)
MariaDB (none)> GRANT ALL ON *.* TO 'rrr'@'%';
Query OK, 0 rows affected (0.001 sec)
MariaDB (none)>
实验环境(dns)
root@rs1 \~# vim /etc/named.conf
注释掉这几行
11 // listen-on port 53 { 127.0.0.1; };
12 // listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 secroots-file "/var/named/data/named.secroots";
18 recursing-file "/var/named/data/named.recursing";
19 // allow-query { localhost; };
root@rs2 \~# vim /etc/named.conf
11 // listen-on port 53 { 127.0.0.1; };
12 // listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 secroots-file "/var/named/data/named.secroots";
18 recursing-file "/var/named/data/named.recursing";
19 // allow-query { localhost; };
root@rs1 \~# vim /etc/named.rfc1912.zones
46 zone "www.qqq.com" IN {
47 type master;
48 file "www.qqq.com.zone";
49 allow-update { none; };
50 };
root@rs2 \~# vim /etc/named.rfc1912.zones
46 zone "www.qqq.com" IN {
47 type master;
48 file "www.qqq.com.zone";
49 allow-update { none; };
50 }
root@rs1 \~# cd /var/named/
root@rs1 named# cp -p named.localhost www.qqq.com.zone
root@rs1 named# vim www.qqq.com.zone
$TTL 1D
@ IN SOA dns.www.qqq.com rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.www.qqq.com.
dns A 172.25.254.20
root@rs1 named# systemctl enable --now named.service
测试
root@rs2 \~# cd /var/named/
root@rs2 named# cp -p named.localhost www.qqq.com.zone
root@rs2 named# vim www.qqq.com.zone
$TTL 1D
@ IN SOA dns.www.qqq.com rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.www.qqq.com.
dns A 172.25.254.30
root@rs2 named# systemctl enable --now named.service
测试
tcp四层负载
root@nginx nginx-1.28.1# vim /usr/local/nginx/conf/tcp/mariadb.conf
stream {
upstream mysql_server {
server 172.25.254.20:3306 max_fails=3 fail_timeout=30s;
server 172.25.254.30:3306 max_fails=3 fail_timeout=30s;
}
server {
listen 172.25.254.10:3306;
proxy_pass mysql_server;
proxy_connet_timeout 30s;
proxy_timeout 300s;
}
}
root@nginx nginx-1.28.1# vim /usr/local/nginx/conf/nginx.conf
16 include "/usr/local/nginx/conf/tcp/*.conf";
root@nginx nginx-1.28.1# vim /usr/local/nginx/conf/tcp/mariadb.conf
stream {
upstream mysql_server {
server 172.25.254.20:3306 max_fails=3 fail_timeout=30s;
server 172.25.254.30:3306 max_fails=3 fail_timeout=30s;
}
server {
listen 172.25.254.10:3306;
proxy_pass mysql_server;
proxy_connect_timeout 30s;
proxy_timeout 300s;
}
}
root@nginx nginx-1.28.1# nginx -s reload
测试
udp四层负载
root@nginx nginx-1.28.1# vim /usr/local/nginx/conf/tcp/mariadb.conf
stream {
upstream mysql_server {
server 172.25.254.20:3306 max_fails=3 fail_timeout=30s;
server 172.25.254.30:3306 max_fails=3 fail_timeout=30s;
}
upstream dns_server{
server 172.25.254.20:53 max_fails=3 fail_timeout=30s;
server 172.25.254.30:53 max_fails=3 fail_timeout=30s;
}
server {
listen 172.25.254.10:3306;
proxy_pass mysql_server;
proxy_connect_timeout 30s;
proxy_timeout 300s;
}
server {
listen 172.25.254.10:53 udp;
proxy_pass dns_server;
proxy_timeout 1s;
proxy_responses 1;
error_log logs/dns.log;
}
}
测试
root@nginx nginx-1.28.1# cd /usr/local/nginx/conf/
root@nginx conf# mkdir conf.d
root@nginx conf# vim nginx.conf
81 include "/usr/local/nginx/conf/conf.d/*.conf";
root@nginx conf# nginx -s reload
#Nginx下构建PC站点
## 1.location中的root
root@nginx conf.d# mkdir -p /webdata/nginx/www.qqq.com/qqq/html
root@nginx conf.d# echo www.qqq.com > /webdata/nginx/www.qqq.com/qqq/html/index.html
root@nginx conf.d# vim vhosts.conf
root@nginx conf.d# nginx -s reload
root@nginx conf.d# systemctl restart nginx.service
root@nginx conf.d# vim /etc/hosts
root@nginx conf.d# curl www.qqq.com
local示例需要访问lee.timinglee.org/qqq/目录
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location / {
root /webdata/nginx/www.qqq.com/qqq/html;
}
location /qqq {
root /webdata/nginx/www.qqq.com/qqq/html;
}
}
root@nginx conf.d# systemctl restart nginx
root@nginx conf.d# mkdir -p /webdata/nginx/www.qqq.com/qqq/html/qqq
root@nginx conf.d# echo qqq > /webdata/nginx/www.qqq.com/qqq/html/qqq/index.html
测试
root@nginx conf.d# curl www.qqq.com/qqq/
qqq
location中的alias
root@nginx conf.d# vim vhosts.conf
server {
listen 80;
server_name www.qqq.com;
location /passwd {
alias /etc/passwd;
}
location /passwd/ {
alias /mnt/;
}
}
root@nginx conf.d# nginx -s reload
编译安装 openresty
root@nginx conf.d# wget https://openresty.org/download/openresty-1.27.1.2.tar.gz
root@nginx conf.d# dnf -yq install gcc pcre-devel openssl-devel perl zlib-devel
root@nginx conf.d# useradd -r -s /sbin/nologin nginx
编译
root@nginx openresty-1.27.1.2# ./configure --prefix=/apps/openresty --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
root@nginx openresty-1.27.1.2# gmake
root@nginx openresty-1.27.1.2# gmake install
root@nginx openresty-1.27.1.2# vim ~/.bash_profile
.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/sbin:/usr/local/php/bin
export PATH=$PATH:/usr/local/openresty/bin #添加
Get the aliases and functions
if -f \~/.bashrc ; then
. ~/.bashrc
fi
User specific environment and startup programs
root@nginx openresty-1.27.1.2# source ~/.bash_profile
root@nginx openresty-1.27.1.2# curl 172.25.254.10
hello