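Nginx, pronounced "engine X", is a very lightweight HTTP server written by a Russian developer. It is a high-performance HTTP and reverse proxy server, and also an IMAP/POP3/SMTP proxy server. Nginx was developed by Igor Sysoev for Rambler.ru, the second most visited site in Russia, where it has been running for more than two and a half years. Igor Sysoev released the project under a BSD-style license; more information is available on the official website.
Operating system: redhat 6.5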
selinux iptables off
Hostname | IP | Installed service | Role |
---|---|---|---|
server1 | 10.10.10.1 | Nginx | Web server |
server2 | 10.10.10.2 | Nginx | Web server |
dream | 10.10.10.250 | | Test client for accessing the web servers |
Nginx download page: http://nginx.org/en/download.html
Nginx RPM package downloads: http://nginx.org/packages/rhel/7/x86_64/RPMS/ (for version 6, replace the 7 with 6)
echo-nginx-module-0.61 third-party module download link: https://github.com/openresty/echo-nginx-module/tags
Baidu Netdisk link: https://pan.baidu.com/s/1NJiPYioi_843WfqMAI4PsA password: wdf8
[root@server1 ~]# wget http://nginx.org/download/nginx-1.14.0.tar.gz
[root@server1 ~]# wget https://github.com/openresty/echo-nginx-module/archive/v0.61.tar.gz
[root@server1 ~]# tar xf v0.61.tar.gz
[root@server1 ~]# tar xf nginx-1.14.0.tar.gz
[root@server1 ~]# yum install -y gcc pcre-devel openssl-devel
[root@server1 ~]# cd nginx-1.14.0
[root@server1 nginx-1.14.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --add-module=/root/echo-nginx-module-0.61/
[root@server1 nginx-1.14.0]# make && make install
[root@server1 ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@server1 ~]# useradd nginx
[root@server1 ~]# lscpu ### check the number of CPUs (on a virtual machine, just change the VM settings)
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
worker_connections: maximum number of connections per worker process (maximum connections = connections × number of processes)
[root@server1 ~]# vim /etc/security/limits.conf
nginx - nofile 65535
[root@server1 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 ~]# nginx
[root@server1 ~]# sysctl -a|grep range
[root@server1 ~]# sysctl -w net.ipv4.ip_local_port_range="1024 65535"
[root@server1 ~]# vim /etc/sysctl.conf ### add the following line to the configuration file
net.ipv4.ip_local_port_range = 1024 65535
[root@server1 ~]# sysctl -p ### reload the settings
[root@server1 ~]# sysctl -a|grep range
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
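include ### mapping table of file extensions to file types
default_type ### default file type
sendfile ### on in the default configuration; data is passed straight from disk to the network stack. For disk-I/O-heavy workloads such as downloads it can be set to off to balance disk and network I/O processing speed and reduce the system load (as reported by uptime)
tcp_nopush ### only takes effect when sendfile is on. When enabled it uses the tcp_cork method: packets are held until they are full and then sent in one go, which helps relieve network congestion.
tcp_nodelay ### delay: wait until more data has accumulated and send it together, to improve disk I/O
keepalive_timeout ### connection timeout
Official reference: https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/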
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
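limit_conn addr 1: when accessing the lmit.html file, each IP may have at most one connection open at a time; any further connections are answered as unavailable (addr must correspond to the zone declared with limit_conn_zone)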
[root@server1 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 ~]# nginx
[root@server1 ~]# mkdir /usr/local/nginx/html/download
[root@server1 ~]# ls /usr/local/nginx/html/download
dream.jpg
[root@dream ~]# ab -c 10 -n 1000 http://10.10.10.1/download/dream.jpg
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# nginx -s reload
### access log location: /usr/local/nginx/logs/access.log
[root@dream ~]# ab -c 10 -n 1000 http://10.10.10.1/download/dream.jpg
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
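limit_req_zone: requests that come from the same IP address and access the same URI fall under the limit_req restriction (1 request per second)
burst=5 means that at most 5 requests may be queued (delayed).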
[root@server1 ~]# nginx -s reload
[root@dream ~]# ab -c 10 -n 1000 http://10.10.10.1/download/dream.jpg
[root@server1 ~]# cat /usr/local/nginx/logs/access.log
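The limit_req behaviour described above (rate=1r/s, burst=5, no nodelay), as an added example that is not part of the original post: a simplified Python model of the leaky-bucket accounting nginx keeps per key, run on constructed arrival times. The function names and the sample traffic are assumptions made for illustration.

```python
# Added example: simplified model of nginx's limit_req accounting (not nginx source).
# As in nginx, rate and excess are tracked in thousandths of a request.

def simulate_limit_req(arrivals_ms, rate_rps=1, burst=5):
    """Decide 200/503 for each request of ONE client key.

    arrivals_ms: sorted arrival times in milliseconds (constructed input).
    Returns a list of (status, delay_ms); delay_ms is how long an accepted
    request is held back because "nodelay" is not set.
    """
    rate = rate_rps * 1000        # thousandths of a request per second
    burst_limit = burst * 1000    # queue depth allowed above the rate
    excess = None                 # no zone entry yet for this key
    last = 0
    results = []
    for now in arrivals_ms:
        if excess is None:
            new_excess = 0        # first request is served immediately
        else:
            elapsed = max(now - last, 0)
            # Bucket drains at `rate`; every request adds one unit (1000).
            new_excess = max(excess - rate * elapsed // 1000 + 1000, 0)
        if new_excess > burst_limit:
            results.append((503, 0))   # rejected, stored state unchanged
            continue
        excess, last = new_excess, now
        results.append((200, new_excess * 1000 // rate))
    return results


def count_status(results):
    """Summarise results as {status: count}."""
    counts = {}
    for status, _ in results:
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed traffic: 10 requests at the same instant, like one ab -c 10 wave.
    print(simulate_limit_req([0] * 10))
    # Constructed traffic: one request every 100 ms for 10 seconds.
    print(count_status(simulate_limit_req(list(range(0, 10000, 100)))))
```

In this model a wave of 10 simultaneous requests gives 6 accepted requests (held back 0 to 5 seconds) and 4 rejections; the rejected requests are the ones that appear with status 503 in access.log.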
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem
[root@server1 ~]# cp /etc/pki/tls/certs/cert.pem /usr/local/nginx/conf/
[root@server1 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 ~]# nginx -s reload
[root@dream ~]# vim /etc/hosts
10.10.10.1 www.dream.com
https://www.dream.com
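! : negation
~ : case-sensitive match
~* : case-insensitive match
-f and !-f: test whether a file exists
-d and !-d: test whether a directory exists
-e and !-e: test whether a file or directory exists
-x and !-x: test whether a file is executable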
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@dream ~]# curl -I www.dream.com
[root@server1 ~]# nginx -s reload
[root@server1 ~]# mkdir /www
[root@server1 ~]# echo www.dream.com >/www/index.html
[root@server1 ~]# mkdir /bbs
[root@server1 ~]# echo bbs.dream.com >/bbs/index.html
In a browser, www.dream.com displays www.dream.com, and www.dream.com/bbs displays bbs.dream.com
[root@dream ~]# curl -I www.dream.com
[root@dream ~]# curl -I www.dream.com/bbs
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# nginx -s reload
Accessing by IP returns a 503 error, while accessing by domain name works normally!
http://10.10.10.1/
Accessing directly by IP (10.10.10.1) redirects straight to Baidu!
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# nginx -s reload
[root@dream ~]# curl -I 10.10.10.1
Restrict an IP from accessing the domain www.dream.com; here we block server2 (10.10.10.2)!
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# nginx -s reload
# curl -I www.dream.com
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# nginx -s reload
[root@server1 ~]# echo "yayaya" >/www/dream.sh
[root@server1 ~]# chmod +x /www/dream.sh
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# nginx -s reload
[root@server1 ~]# scp -rp /usr/local/nginx/ [email protected]:/usr/local/
[root@server2 ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@server2 ~]# useradd nginx
[root@server2 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes auto;
events {
    use epoll;
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    server {
        listen 80;
        rewrite ^(.*) http://www.baidu.com;
        location /download/ {
            limit_conn addr 1;
            limit_req zone=one burst=5;
        }
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 80;
        server_name abc.dream.com;
        location / {
            charset utf-8;
            root /abc;
            index index.html;
        }
    }
}
[root@server2 ~]# mkdir /abc
[root@server2 ~]# vim /abc/index.html
<html>
<body>
<br>盗链图片</br>
<img src="http://www.dream.com/dream.jpg">
</body>
</html>
[root@server2 ~]# nginx -s reload
You can see that visiting server2 gives access to the image on server1!
[root@server1 ~]# cp /usr/local/nginx/html/download/dream.jpg /www/ ### copy the picture into the publish directory
[root@dream ~]# cat /etc/hosts
http://abc.dream.com/ ### in the browser on the physical host
expires 30: expiration time of 30 days!
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# ls /bbs/ ### add a picture to the /bbs directory
daolian.jpg index.html
[root@server1 ~]# nginx -s reload
[root@server1 ~]# nginx -V ### V: uppercase
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
[root@server1 ~]# nginx -s reload
http://bbs.dream.com/status