Nginx网站服务
关于Nginx
-
一款高性能、轻量级Web服务软件
-
稳定性高
-
系统资源消耗低
- 对HTTP并发连接的处理能力高
单台物理服务器可支持30000 ~ 50000个并发请求
-
Nginx编译安装
安装支持软件
[root@localhost opt] yum install gcc gcc-c++ make pcre-devel zlib-devel -y
创建运行用户、组
[root@localhost opt] useradd -M -s /sbin/nologin nginx
编译安装Nginx
- Nginx源码包下载
[root@localhost ~] mount.cifs //192.168.100.10/lnmp /mnt/ //将本地nginx源码包挂载到mnt目录下
[root@localhost ~] cd /mnt/
[root@localhost mnt] tar zxvf nginx-1.12.2.tar.gz -C /opt/ //解压源码包到opt目录
[root@localhost mnt] cd /opt
[root@localhost opt] cd nginx-1.12.2/ //进入nginx安装包目录
[root@localhost nginx-1.12.2] ./configure \
--prefix=/usr/local/nginx \ //指定安装路径
--user=nginx \ //指定程序用户
--group=nginx \ //指定组
--with-http_stub_status_module //关联状态统计模块
[root@localhost nginx-1.12.2] make && make install //配置、安装
[root@localhost nginx-1.12.2] cd /usr/local/nginx/sbin //进入nginx安装后的命令目录
[root@localhost sbin] ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ //建立软链接到sbin目录
[root@localhost sbin] nginx //执行开启服务
[root@localhost conf]# netstat -ntap | grep 80 //查看服务端口是否开启
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31755/nginx: master
[root@localhost sbin] systemctl stop firewalld.service //关闭防火墙
[root@localhost sbin] setenforce 0 //关闭增强性安全功能
[root@localhost sbin] yum install elinks -y //安装检测网站工具
[root@localhost sbin] elinks http://localhost //检测网站是否开启
优化运行控制
[root@localhost sbin]# vim /etc/init.d/nginx //编辑运行控制脚本
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -s QUIT $(cat $PIDF)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PIDF)
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
:wq
[root@localhost sbin]# cd /etc/init.d
[root@localhost init.d]# chmod +x nginx //给脚本添加执行权限
[root@localhost init.d]# chkconfig --add nginx //将脚本添加到系统环境
[root@localhost init.d]# service nginx start //使用service控制服务开启
配置文件
- 全局配置
#user nobody;
worker processes 1;
#error_ log logs/error.log;
#pid logs/nginx.pid;
I/0
事件配置
events {
use epoll;
worker_connections 4096;
}
HTTP
配置
http {
......
access_log logs/access.log main;
sendfile on;
......
keepalive_timeout 65;
server {
listen 80;
server name www.bt.com;
charset utf-8;
location / {
root html;
index index.html index.php; }
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;}}
}
Nginx的访问状态统计
启用HTTP STUB STATUS状态统计模块
- 配置编译参数时添加
--with-http_ stub_ status_ module
nginx -V
查看已安装的Nginx
是否包含HTTP_ STUB_ _STATUS
模块
[root@localhost init.d]# cd /usr/local/nginx/conf/ //进入配置文件目录
[root@localhost conf]# vim nginx.conf //编辑配置文件
...//省略部分内容...
server {
listen 80;
server_name www.kgc.com; //编辑域名
charset utf-8; //编辑字符串格式为utf-8
#access_log logs/host.access.log; //注释access日志文件
location / {
root html;
index index.html index.htm;
}
location /status {
stub_status on; //开启功能统计模块
access_log off;
}
...//省略部分内容...
:wq //保存退出
[root@localhost conf]# yum install bind -y //安装DNS服务
[root@localhost conf]# vim /etc/named.conf //常规配置DNS功能
...//省略部分内容...
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
...//省略部分内容...
:wq
[root@localhost conf]# vim /etc/named.rfc1912.zones
...//省略部分内容...
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };
};
...//省略部分内容...
:wq
[root@localhost conf]# cd /var/named/
[root@localhost named]# cp -p named.localhost kgc.com.zone
[root@localhost named]# vim kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.144.133
:wq
[root@localhost named]# systemctl start named
[root@localhost named]# service nginx stop
[root@localhost named]# service nginx start
- 在客户机中打开浏览器输入域名
www.kgc.com/status
访问网站统计记录
授权的访问控制
- 配置步骤与Apache基本一致
- 生成用户密码认证文件
- 修改主配置文件对相应目录,添加认证配置项
- 重启服务,访问测试
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.kgc.com;
charset utf-8;
#access_log logs/host.access.log;
location / {
auth_basic "secret"; //插入设置密码验证
auth_basic_user_file /usr/local/nginx/passwd.db; //添加条目设置密码验证文件存放目录
root html;
index index.html index.htm;
}
location /status {
stub_status on;
access_log off;
}
:wq
[root@localhost ~]# yum install httpd-tools -y //安装生成密码设置文件
已加载插件:fastestmirror, langpacks
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
...//省略部分内容...
已安装:
httpd-tools.x86_64 0:2.4.6-90.el7.centos
作为依赖被安装:
apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7
完毕!
[root@localhost ~]# htpasswd -c /usr/local/nginx/passwd.db test01 //创建密码验证文件
New password: //输入密码
Re-type new password: //再次输入
Adding password for user test01 //创建用户成功
[root@localhost ~]# cat /usr/local/nginx/passwd.db //查看创建的密码文件
test01:$apr1$T22NmXdU$yE8iwUxpaHcR95ZNosCUK0 //用户密码信息
[root@localhost ~]# service nginx stop //停止nginx服务
[root@localhost ~]# service nginx start //启动nginx服务
[root@localhost ~]# netstat -ntap | grep 80 //查看端口是否开启
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8624/nginx:
- 再客户机中测试授权访问控制