nginx -2

最新推荐文章于 2023-09-07 09:15:00 发布

愿而自知

最新推荐文章于 2023-09-07 09:15:00 发布

阅读量214

点赞数

文章标签： nginx

本文链接：https://blog.youkuaiyun.com/weixin_47746630/article/details/111502680

版权

1. location区段，通过指定模式来与客户端请求的URI相匹配

//功能：允许根据用户请求的URI来匹配定义的各location，匹配到时，此请求将被相应的location配置块中的配置所处理，例如做访问控制等功能
//语法：location [ 修饰符 ] pattern {......}

环境说明：

系统环境	IP	主机名
RedHat 8 （nginx主机）	192.168.152.135	[root@localhost ~]
RedHat 8 （验证主机）	192.168.152.128	[root@echo ~]

常用修饰符说明：

修饰符	功能
=	精确匹配
~	正则表达式模式匹配，区分大小写
~*	正则表达式模式匹配，不区分大小写
^~	前缀匹配，类似于无修饰符的行为，也是以指定模块开始，不同的是，如果模式匹配，那么就停止搜索其他模式了，不支持正则表达式
@	定义命名location区段，这些区段客户端不能访问，只可以由内部产生的请求来访问，如try_files或error_page等

没有修饰符表示必须以指定模式开始，如：

//修改配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
server {
  location /abc {
      echo 'xiao zhan';
  }
}
...
[root@localhost ~]# nginx -s reload

//验证正确匹配内容如下：
[root@echo ~]# curl http://192.168.152.135/abc
xiao zhan
[root@echo ~]# curl http://192.168.152.135/abc\?dk=ek=10
xiao zhan
[root@echo ~]# curl http://192.168.152.135/abc/111
xiao zhan

=：表示必须与指定的模式精确匹配，如：

//修改配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
server {
  location = /abc {
      echo 'xiao zhan';
  }
}
...
[root@localhost ~]# nginx -s reload

//验证正确匹配内容如下：
[root@echo ~]# curl http://192.168.152.135/abc
xiao zhan
[root@echo ~]# curl http://192.168.152.135/abc\?dk=ek=10
xiao zhan

//验证无法匹配内容如下：
[root@echo ~]# curl http://192.168.152.135/abc/111
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
[root@echo ~]# curl http://192.168.152.135/abc/s
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

~：表示指定的正则表达式要区分大小写，如：

//修改配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
server {
  location ~ ^/abc$ {
      echo 'xiao zhan';
  }
}
...
[root@localhost ~]# nginx -s reload

//验证正确匹配内容如下：
[root@echo ~]# curl http://192.168.152.135/abc
xiao zhan
[root@echo ~]# curl http://192.168.152.135/abc\?dk=ek=10
xiao zhan

//验证无法匹配内容如下：
[root@echo ~]# curl http://192.168.152.135/abc/s
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
[root@echo ~]# curl http://192.168.152.135/ABC
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
[root@echo ~]# curl http://192.168.152.135/abcde
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

~*：表示指定的正则表达式不区分大小写，如：

//修改配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
server {
  location ~* ^/abc$ {
      echo 'xiao zhan';
  }
}
...
[root@localhost ~]# nginx -s reload

//验证正确匹配内容如下：
[root@echo ~]# curl http://192.168.152.135/abc
xiao zhan
[root@echo ~]# curl http://192.168.152.135/abc\?dk=ek=10
xiao zhan
[root@echo ~]# curl http://192.168.152.135/ABC
xiao zhan

//验证无法匹配内容如下：
[root@echo ~]# curl http://192.168.152.135/abc/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
[root@echo ~]# curl http://192.168.152.135/abcdef
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

~：类似于无修饰符的行为，也是以指定模式开始，不同的是，如果模式匹配，则停止搜索其他模式

查找顺序和优先级：由高到底依次为

带有=的精确匹配优先
正则表达式按照他们在配置文件中定义的顺序
带有~^修饰符的，开头匹配
带有~或~*修饰符的，如果正则表达式与URI匹配
没有修饰符的精确匹配
优先级次序如下：

( location = 路径 ) --> ( location ~^ 路径 ) --> ( location ~ 正则 ) <-正则的格式是谁写在前面谁优先-> ( location ~* 正则 ) --> ( location 路径 )

2.nginx平滑升级( 添加一个echo)

1.先确认原版本编译了哪些参数

[root@localhost ~]# nginx -V     
nginx version: nginx/1.18.0
built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC) 
built with OpenSSL 1.1.1g FIPS  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log

2.下载新模块

在这里插入图片描述

[root@localhost ~]# ls  //把echo模块传到当前目录
anaconda-ks.cfg  echo-nginx-module-master.zip  nginx-1.18.0.tar.gz
[root@localhost ~]# yum -y install unzip
[root@localhost ~]# unzip echo-nginx-module-master.zip 
[root@localhost ~]# tar xf nginx-1.18.0.tar.gz 
[root@localhost ~]# ls
anaconda-ks.cfg               nginx-1.18.0
echo-nginx-module-master      nginx-1.18.0.tar.gz
echo-nginx-module-master.zip

3.编译新模块，在原有的参数后面加.上-- -add-module=新模块路径

[root@localhost ~]# cd nginx-1.18.0
[root@localhost nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --add-module=../echo-nginx-module-master
过程略...

[root@localhost nginx-1.18.0]# make
过程略...

4.备份原程序

[root@localhost ~]# cd /usr/local/nginx/sbin/
[root@localhost sbin]# ls
nginx
[root@localhost sbin]# cp nginx{,-20201221}
[root@localhost sbin]# ls
nginx  nginx-20201221

5.停止服务，拷贝新程序替换原程序，启动服务

[root@localhost objs]# pwd
/root/nginx-1.18.0/objs
[root@localhost objs]# /usr/local/nginx/sbin/nginx -s stop;\cp nginx /usr/local/nginx/sbin/;/usr/local/nginx/sbin/nginx
[root@localhost objs]# ss -antl
State   Recv-Q   Send-Q      Local Address:Port      Peer Address:Port   
LISTEN  0        128               0.0.0.0:80             0.0.0.0:*      
LISTEN  0        128               0.0.0.0:22             0.0.0.0:*      
LISTEN  0        128                  [::]:22                [::]:* 

[root@localhost ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC) 
built with OpenSSL 1.1.1g FIPS  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --add-module=../echo-nginx-module-master

6.修改配置文件验证

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
略...
        location / {
            root   html;
            index  index.html index.htm;
        }

        location /test {              //添加echo内容
            echo 'ni hao';
        }
略...

[root@localhost ~]# nginx -s reload    //重新加载

//另开一台虚拟机验证
[root@echo ~]# curl http://192.168.152.135/test
ni hao

3.访问控制

用于location段
allow：设定允许哪台或哪些主机访问，多个参数间用空格隔开
deny：设定禁止哪台或哪些主机访问，多个参数间用空格隔开
示例：

进入nginx的html里，创建目录test写入一个网站index.html

[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# ls
50x.html  index.html  index.php
[root@localhost html]# mkdir test
[root@localhost html]# cd test
[root@localhost test]# ls
[root@localhost test]# echo 'lixian' > /usr/local/nginx/html/test/index.html
[root@localhost test]# ls
index.html

访问验证

在这里插入图片描述

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
//在location字段添加此几行
//表示只允许本机访问

        location /test {
            root   /usr/local/nginx/html;
            index  index.html;
            allow 192.168.152.135/32;
            deny all;
            }

[root@localhost ~]# nginx -s reload

//访问验证，只有本机可以访问
[root@localhost html]# curl http://192.168.152.135/test/index.html
lixian

[root@echo ~]# curl http://192.168.152.135/test/index.html
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

        location /test {
            root   /usr/local/nginx/html;
            index  index.html;
            deny 192.168.152.135/32;     //修改此两行信息
            allow all;                   //表示允许所有主机访问，本机无法访问
            }
            
//访问验证，只有本机无法访问
[root@localhost html]# curl http://192.168.152.135/test/index.html
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

[root@echo ~]# curl http://192.168.152.135/test/index.html
lixian

注意：访问控制在配置文件里用在http可以影响所有server，用在server里影响所有location,用在location里只影响单个的location。

4.基于用户认证

auth_basic "欢迎信息";
auth_basic_user_file "/path/to/user_auth_file"

user_auth_file内容格式为：

username:password

这里的密码为加密后的密码串，建议用htpasswd来创建此文件：

htpasswd -c -m /path/to/.user_auth_file USERNAME

示例：

//创建用户，设置密码
[root@localhost nginx]# pwd
/usr/local/nginx
[root@localhost nginx]# ls
client_body_temp  fastcgi_temp  logs        sbin       uwsgi_temp
conf              html          proxy_temp  scgi_temp
[root@localhost nginx]# htpasswd -c -m /usr/local/nginx/.password admin
New password:            //输入密码
Re-type new password:    //再次输入密码
Adding password for user admin

[root@localhost nginx]# ls -a
.   client_body_temp  fastcgi_temp  logs       proxy_temp  scgi_temp
..  conf              html          .password  sbin        uwsgi_temp
[root@localhost nginx]# cat .password 
admin:$apr1$NVG22.Lt$5rqCta7m.TCNo3y.3CEVJ1

//编辑配置文件
[root@localhost nginx]# vim conf/nginx.conf
略...
        location /test {
            root   /usr/local/nginx/html;
            index  index.html;
            auth_basic "欢迎光临";                                 //加入此两行
            auth_basic_user_file '/usr/local/nginx/.password';    //密码路径
        }
略...

网页登录验证

在这里插入图片描述

注意：用户认证在配置文件里用在http可以影响所有server，用在server里影响所有location,用在location里只影响单个的location。

5. 开启状态界面

开启status：

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
略...
//修改配置文件，添加此几行
location /status {
  stub_status on;
  allow 192.168.152.135/32;       //在公司里要设置白名单，只允许自己访问
  deny all;
}
略...
[root@localhost ~]# nginx -s reload

//查看状态界面
[root@localhost ~]# curl 192.168.152.135/status
Active connections: 1 
server accepts handled requests
 122 122 164 
Reading: 0 Writing: 1 Waiting: 0

访问状态页面的方式：http://server_ip/status
状态页面信息详解：

状态码	表示的意义
Active connections 2	当前所有处于打开状态的连接数
accepts	总共处理了多少个连接
handled	成功创建多少握手
requests	总共处理了多少个请求
Reading	nginx读取到客户端的Header信息数，表示正处于接收请求状态的连接数
Writing	nginx返回给客户端的Header信息数，表示请求已经接收完成，且正处于处理请求或发送响应的过程中的连接数
Waiting	开启keep-alive的情况下，这个值等于active - (reading + writing)，意思就是Nginx已处理完正在等候下一次请求指令的驻留连接

zabbix监控nginx状态页面

编写查看nginx状态页面的脚本

[root@localhost ~]# cat nginx_status.sh 
#!/bin/bash
#本机IP
host="192.168.152.135"

function active {
    curl -s http://$host/status |awk 'NR==1{print $3}'
}
function Reading {
    curl -s http://$host/status |awk 'NR==4{print $2}'
}
function Writing {
    curl -s http://$host/status |awk 'NR==4{print $4}'
}
function Waiting {
    curl -s http://$host/status |awk 'NR==4{print $6}'
}
function accepts {
    curl -s http://$host/status |awk 'NR==3{print $1}'
}
function handled {
    curl -s http://$host/status |awk 'NR==3{print $2}'
}
function requests {
    curl -s http://$host/status |awk 'NR==3{print $3}'
}

$1

[root@localhost ~]# chmod +x nginx_status.sh

部署zabbix

部署zabbix需要先安装lnmp 请参考nginx

//下载zabbix，解压缩
[root@localhost ~]# ls
anaconda-ks.cfg   zabbix-5.2.0.tar.gz
[root@localhost ~]# tar xf zabbix-5.2.0.tar.gz 
[root@localhost ~]# ls
anaconda-ks.cfg   zabbix-5.2.0  zabbix-5.2.0.tar.gz

//安装依赖包
[root@localhost ~]# yum -y install net-snmp-devel libevent-devel

//创建zabbix用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin zabbix
[root@localhost ~]# id zabbix
uid=992(zabbix) gid=990(zabbix) groups=990(zabbix)

//配置zabbix数据库
[root@localhost ~]# mysql -uroot -p123456

mysql> create database zabbix character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.00 sec)

mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix123456';
Query OK, 0 rows affected, 2 warnings (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye

//恢复数据库数据
[root@localhost ~]# cd zabbix-5.2.0/database/mysql/
[root@localhost mysql]# ll
total 10232
-rw-r--r-- 1 1000 1000 8308118 Oct 26 23:44 data.sql
-rw-r--r-- 1 1000 1000     282 Oct 26 19:18 double.sql
-rw-r--r-- 1 1000 1000 1978341 May 11 01:36 images.sql
-rw-r--r-- 1 1000 1000     482 Oct 26 19:18 Makefile.am
-rw-r--r-- 1 1000 1000   15982 Oct 26 23:44 Makefile.in
-rw-r--r-- 1 1000 1000  160579 Oct 26 23:44 schema.sql

[root@localhost mysql]# mysql -uzabbix -p'zabbix123456' zabbix < schema.sql
mysql: [Warning] Using a password on the command line interface can be insecure.
[root@localhost mysql]# mysql -uzabbix -p'zabbix123456' zabbix < images.sql
mysql: [Warning] Using a password on the command line interface can be insecure.
[root@localhost mysql]# mysql -uzabbix -p'zabbix123456' zabbix < data.sql 
mysql: [Warning] Using a password on the command line interface can be insecure.

//源码编译，安装
[root@localhost ~]# cd zabbix-5.2.0
[root@localhost zabbix-5.2.0]# ls
aclocal.m4  compile       configure.ac  INSTALL      man      sass
AUTHORS     conf          COPYING       install-sh   misc     src
bin         config.guess  database      m4           missing  ui
build       config.sub    depcomp       Makefile.am  NEWS
ChangeLog   configure     include       Makefile.in  README
[root@localhost zabbix-5.2.0]# ./configure --enable-server \
 --enable-agent \
 --with-mysql \
 --with-net-snmp \
 --with-libcurl \
 --with-libxml2

lpcre 
    Configuration file:    /usr/local/etc/zabbix_agentd.conf
    Modules:               /usr/local/lib/modules

  Enable agent 2:        no

  Enable Java gateway:   no

  LDAP support:          no
  IPv6 support:          no

***********************************************************
*            Now run 'make install'                       *
*                                                         *
*            Thank you for using Zabbix!                  *
*              <http://www.zabbix.com>                    *
***********************************************************

[root@localhost zabbix-5.2.0]# make install

//修改服务端配置文件及修改
[root@localhost ~]# ls /usr/local/etc/
zabbix_agentd.conf    zabbix_server.conf
zabbix_agentd.conf.d  zabbix_server.conf.d
[root@localhost ~]# vim /usr/local/etc/zabbix_server.conf
DBPassword=zabbix123456   //找到此行，取消注释，写上数据库授权密码

//修改/etc/php.ini的配置并重启php-fpm
[root@localhost ~]# sed -ri 's/(post_max_size =).*/\1 16M/g' /etc/php.ini
[root@localhost ~]# sed -ri 's/(max_execution_time =).*/\1 300/g' /etc/php.ini
[root@localhost ~]# sed -ri 's/(max_input_time =).*/\1 300/g' /etc/php.ini
[root@localhost ~]# sed -i '/;date.timezone/a date.timezone = Asia/Shanghai' /etc/php.ini
[root@localhost ~]# service php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done

zabbix网页配置

//修改nginx配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

        location /zabbix {          //添加zabbix监控页面
            root   /usr/local/nginx/html/;
            index  index.php index.html index.htm;
        }
[root@localhost ]# nginx -s reload

//修改zabbix配置文件
[root@localhost ~]# vim /usr/local/etc/zabbix_agentd.conf
//开启自定义监控，取消注释，改值为1
UnsafeUserParameters=1     

//追加自定义监控的参数内容
Userparameter=check_status[*],/bin/bash /root/nginx_status.sh $1

//iu为前端网页放置的目录
[root@localhost ~]# cd zabbix-5.2.0
[root@localhost zabbix-5.2.0]# mkdir /usr/local/nginx/html/zabbix
[root@localhost zabbix-5.2.0]# cp -a ui/* /usr/local/nginx/html/zabbix

[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# ls
50x.html  index.html  index.php  test  zabbix
[root@localhost html]# chown zabbix.zabbix zabbix/

//启动服务
[root@localhost ~]# zabbix_server 
[root@localhost ~]# zabbix_agentd 
[root@localhost ~]# ss -antl
State   Recv-Q   Send-Q      Local Address:Port      Peer Address:Port   
LISTEN  0        128               0.0.0.0:22             0.0.0.0:*      
LISTEN  0        128               0.0.0.0:10050          0.0.0.0:*      
LISTEN  0        128               0.0.0.0:10051          0.0.0.0:*      
LISTEN  0        128             127.0.0.1:9000           0.0.0.0:*      
LISTEN  0        128                     *:80                   *:*      
LISTEN  0        128                  [::]:22                [::]:*      
LISTEN  0        80                      *:3306                 *:*