一、概述
Nginx 是开源、高性能、高可靠的 Web服务器 和反向代理服务器,而且支持热部署,几乎可以做到 7 * 24 小时不间断运行,即使运行几个月也不需要重新启动,还能在不间断服务的情况下对软件版本进行热更新。性能是 Nginx 最重要的考量,其占用内存少、并发能力强、能支持高达 5w 个并发连接数,最重要的是, Nginx 是免费的并可以商业化,配置使用也比较简单。
1.1 Nginx 特点
- 高并发、高性能;
- 模块化架构使得它的扩展性非常好;
- 异步非阻塞的事件驱动模型(epoll)这点和 Node.js 相似;
- 相对于其它服务器来说它可以连续几个月甚至更长而不需要重启服务器使得它具有高可靠性;
- 热部署、平滑升级;
- 完全开源,生态繁荣。
1.2 Nginx 作用
- http服务器。Nginx可以独立提供http服务。可做**网页静态服务器。
- 虚拟主机。可以实现在一台服务器虚拟出多个虚拟服务器。
- 反向代理,负载均衡。当网站的访问量达到一定程度后,单台服务器不能满足用户的请求时,需 要用多台服务器集群可以使用nginx做反向代理。并且多台服务器可以平均分担负载,不会应为某台服务器负载高宕机而某台服务器闲置的情况。
- nginx 中也可以配置安全管理、比如可以使用Nginx搭建API接口网关,对每个接口服务进行拦截。
二、Nginx服务搭建
2.1 Ningx安装
2.1.1 yum安装
[root@nginx1~]#yuminstall-yepel-release##可选
[root@nginx1~]#yuminstall-ynginx
##验证安装结果
[root@nginx1~]#rpm -q nginx
nginx-1.20.1-7.el7.x86_642.1.2 编译安装
[root@nginx1 ~]# tar xf nginx-1.18.0.tar.gz
##安装依赖###
[root@nginx1 ~]# yum install -y pcre-devel
[root@nginx1 ~]# yum install -y zlib-devel
[root@nginx1 ~]# cd nginx-1.18.0/
[root@nginx1 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx1.8 && make && make install
###命令优化
[root@localhost sbin]# export PATH=$PATH:/usr/local/nginx25/sbin #追加到/erc/profile
[root@localhost sbin]# source /etc/profile
##或者
[root@localhost sbin]# ln -s /usr/local/nginx25/sbin/nginx /usr/sbin/
###启停脚本优化
[root@localhost ~]# cat /etc/init.d/nginx
#!/bin/bash
case $1 in
start)
#start
nginx -c /usr/local/nginx25/conf/nginx.conf
;;
stop)
#stop
nginx -s stop
;;
restart)
#stop
#start
nginx -s reopen
;;
reload)
#reload
nginx -s reload
;;
status)
#reload
netstat -anptu | grep nginx
;;
*)
echo "USAGE: $0 start | stop | restart | reload | status"
;;
esac
2.2目录结构
2.2.1yum安装
/etc/nginx/ ##配置文件目录
/var/lib/nginx ##临时数据文件目录
/var/log/nginx/ ##日志文件目录
/usr/share/nginx/html/ ##访问页面根目录
/etc/nginx/conf.d ##自定义配置文件目录
/etc/nginx/default.d ##默认配置文件目录2.2.2编译安装
/usr/local/nginx1.8/conf ##配置文件目录
/usr/local/nginx1.8/conf/conf.d ##自定义配置文件目录
/usr/local/nginx1.8/conf/default.d ##默认配置文件目录
/usr/local/nginx1.8/html ##访问页面根目录
/usr/local/nginx1.8/logs ##日志文件目录
/usr/local/nginx1.8/sbin ##命令存放目录2.3核心配置文件
[root@nginx1 nginx]# ls
conf.d fastcgi.conf.default koi-utf mime.types.default scgi_params uwsgi_params.default
default.d fastcgi_params koi-win nginx.conf scgi_params.default win-utf
fastcgi.conf farams.default mime.types nginx.conf.default uwsgi_params
2.3.1 nginx.conf配置文件详解
##全局配置,对全局生效##
user nobody nobody; # 指定运行 Nginx 进程的用户为 nobody,组为nobody
pid /var/run/nginx.pid # master主进程的的pid存放在nginx.pid的文件
worker_processes 1; # 指定 Nginx 启动的 worker 子进程数量。
#worker_processes auto; # 与当前cpu物理核心数一致
worker_rlimit_nofile 20480; # 指定 worker 子进程可以打开的最大文件句柄数。
worker_rlimit_core 50M; # 指定 worker 子进程异常终止后的 core 文件,用于记录分析问题。
working_directory /opt/nginx/tmp; # 存放目录
worker_priority -10; # 指定 worker 子进程的 nice 值,以调整运行 Nginx 的优先级,通常设定为负值,以优先调用 Nginx。
#Linux 默认进程的优先级值是120,值越小越优先;nice 定范围为 -20 到 +19 。
#应用的默认优先级值是120加上 nice 值等于它最终的值,这个值越小,优先级越高。
worker_shutdown_timeout 5s; #指定 worker 子进程优雅退出时的超时时间。
timer_resolution 100ms; #worker 子进程内部使用的计时器精度,调整时间间隔越大,系统调用越少,有利于性能提升;反之,系统调用越多,性能下降。
daemon on; # 指定 Nginx 的运行方式,前台还是后台,前台用于调试,后台用于生产。默认是on,后台运行模式。
error_log logs/error.log; # 错误日志文件路径
##events:配置影响 Nginx 服务器与用户的网络连接;##
events {
use epoll; # 使用epoll的I/O模型(如果你不知道Nginx该使用哪种轮询方法,会自动选择一个最适合你操作系统的)
worker_connections 1024; # 允许的最大并发连接数
accept_mutex on; # 是否打开负载均衡互斥锁,默认是off关闭的,这里推荐打开
}
##http:配置代理,缓存,日志定义等绝大多数功能和第三方模块的配置;##
http {
include mime.types; # 包含 MIME 类型的定义,文件扩展名与类型映射表
default_type application/octet-stream; # 默认文件类型
default_type application/octet-stream; # 默认的 MIME 类型
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # 日志格式定义
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main; # 访问日志文件及使用的日志格式
sendfile on; # 启用零拷贝传输,高效传输模式
tcp_nopush on; # 启用 TCP nopush 选项,减少网络报文段的数量
keepalive_timeout 0; # 禁用持久连接的超时时间
keepalive_timeout 65; # 保持存活连接的超时时间
gzip on; # 开启 Gzip 压缩
include /etc/nginx/conf.d/*.conf; # 加载自定义配置项
##upstream:配置后端服务器具体地址,负载均衡配置不可或缺的部分。##
upstream back_end_server{
server 192.168.100.33:8081 #定义后端web服务器节点
}
##server:配置虚拟主机的相关参数,一个 http 块中可以有多个 server 块;每个nginx相当于一个虚拟服务器的地位。##
server {
listen 80; # 监听端口 80
server_name localhost; # 服务器名为 localhost
charset koi8-r; # 字符集设置为 koi8-r
access_log logs/host.access.log main; # 主机访问日志文件及使用的日志格式
##location:用于配置匹配的 uri ;##
location / {
root html; # 指定静态资源目录位置,它可以写在 http 、 server 、 location 等配置中。
index index.html index.htm; # 默认的索引文件
deny 172.168.22.11; # 禁止访问的ip地址,可以为all
allow 172.168.33.44;# 允许访问的ip地址,可以为all
}
location /image {
alias /opt/nginx/static/image/;#它也是指定静态资源目录位置,使用alias末尾一定要添加 / ,只能写在 location 中。
}
#当用户访问 www.jx.com/image/1.png 时,实际在服务器找的路径是 /opt/nginx/static/image/1.png
error_page 404 /404.html; # 设置 404 错误页面的位置为 /404.html
error_page 500 502 503 504 /50x.html; # 将服务器错误页面重定向到 /50x.html
location = /50x.html {
root html;
}
location ~ \.php$ {
proxy_pass http://127.0.0.1; # 将 PHP 脚本代理到监听在 127.0.0.1:80 上的 Apache 服务器
}
location ~ \.php$ {
root html; # PHP 脚本位置
fastcgi_pass 127.0.0.1:9000; # 向 FastCGI 服务器传递 PHP 脚本
fastcgi_index index.php; # 指定 FastCGI 服务器默认的脚本文件名
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # FastCGI 参数配置
include fastcgi_params; # 包含 FastCGI 相关的参数配置
}
location ~ /\.ht {
deny all; # 阻止访问 .htaccess 文件
}
}
server {
listen 8000; # 监听端口 8000
listen somename:8080; # 监听 somename:8080
server_name somename alias another.alias; # 服务器名设置
location / {
root html; # 根目录位置为 html 文件夹
index index.html index.htm; # 默认的索引文件
}
}
server {
listen 443 ssl; # 启动在 443 端口,并开启 SSL
server_name localhost; # 服务器名为 localhost
ssl_certificate cert.pem; # SSL 证书文件
ssl_certificate_key cert.key; # SSL 证书的私钥文件
ssl_session_cache shared:SSL:1m; # 配置 SSL 会话缓存
ssl_session_timeout 5m; # SSL 会话缓存的超时时间设置为 5 分钟
ssl_ciphers HIGH:!aNULL:!MD5; # 配置 SSL 加密算法
ssl_prefer_server_ciphers on; # 优先使用服务器端的加密套件
location / {
root html; # 根目录位置为 html 文件夹
index index.html index.htm; # 默认的索引文件
}
}
}2.2.3 核心命令
| 命令 | 作用 |
| systemctl enable nginx | 开机自动启动 |
| systemctl disable nginx | 关闭开机自动启动 |
| systemctl start nginx | 启动Nginx |
| systemctl stop nginx | 停止Nginx |
| systemctl restart nginx | 重启Nginx |
| systemctl reload nginx | 重新加载Nginx |
| systemctl status nginx | 查看 Nginx 运行状态 |
| ps -elf \| grep [n]ginx | 查看Nginx进程,但是不会显示grep本身的进程 |
| kill -9 pid | 根据上面查看到的Nginx进程号,杀死Nginx进程,-9 表示强制结束进程 |
| nginx -s reload | 向主进程发送信号,重新加载配置文件,热重启 |
| nginx -s reopen | 重启 Nginx |
| nginx -s stop | 快速关闭 |
| nginx -s quit | 等待工作进程处理完成后关闭 |
| nginx -T | 查看当前 Nginx 最终的配置 |
| nginx -t | 检查配置是否有问题 |
| nginx -c configfilePath | 指定配置文件启动nginx |
三、配置案例
3.1 单站点配置
安装完毕启动nginx服务即可!!
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}nginx.conf.default配置文件
user nobody;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
listen 80;
server_name localhost;
charset utf8;
access_log /var/log/nginx/access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}3.2 虚拟机主机头配置
3.2.1 基于IP地址
user nobody;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
listen 192.168.115.111:80;
server_name _;
charset utf8;
access_log /var/log/nginx/access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
server {
listen 192.168.115.114:80;
server_name _;
location / {
root /var/www/html;
index index.html index.htm;
}
}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
####客户端测试####3.2.2 基于域名
user nobody;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
listen 192.168.115.111:80;
server_name www1.jx.com;
charset utf8;
access_log /var/log/nginx/access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
server {
listen 192.168.115.114:80;
server_name www2.jx.com;
location / {
root /var/www/html;
index index.html index.htm;
}
}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
3.2.3 基于端口号
user nobody;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
listen 192.168.115.111:80;
server_name www1.jx.com;
charset utf8;
access_log /var/log/nginx/access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
server {
listen 192.168.115.114:81;
server_name www2.jx.com;
location / {
root /var/www/html;
index index.html index.htm;
}
}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
扫一扫
4876
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
