iptables和selinux关闭
redhat6.5
nginx:server2 172.25.254.2
服务器:
server1:172.25.254.1
server3:172.25.254.3
[root@server2 ~]# ls
nginx-1.14.0.tar.gz
[root@server2 ~]# tar zxf nginx-1.14.0.tar.gz
[root@server2 ~]# cd nginx-1.14.0/src/core
[root@server2 core]# vim nginx.h //改变显示
#define NGINX_VER "nginx"
[root@server2 core]# cd ..
[root@server2 src]# cd ..
[root@server2 nginx-1.14.0]# cd auto/cc
[root@server2 cc]# vim gcc //注释
172 #CFLAGS="$CFLAGS -g"
[root@server2 cc]# ./configure --help
[root@server2 nginx-1.14.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio //检测编译环境是否完善
[root@server2 nginx-1.14.0]# make
[root@server2 nginx-1.14.0]# make install
[root@server2 nginx-1.14.0]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio
[root@server2 nginx-1.14.0]# cd /usr/local/nginx/sbin/
[root@server2 sbin]# ln -s /usr/local/nginx/sbin/nginx /sbin/
[root@server2 sbin]# nginx -t //检测语法错误
[root@server2 sbin]# nginx //打开nginx
[root@server2 sbin]# nginx -s reload //重新加载
[root@server2 sbin]# nginx -s stop //关闭nginx
[root@server2 sbin]# cd ..
[root@server2 nginx]# cd html
[root@server2 html]# vim index.html
www.westos.org
[root@server2 html]# nginx
[root@server2 ~]# cd /usr/local/nginx/conf
[root@server2 conf]# lscpu
CPU(s): 2
[root@server2 conf]# vim nginx.conf
user nginx nginx;
worker_processes 2;
worker_cpu_affinity 01 10;
events {
worker_connections 65535;
}
http {
upstream ying {
#ip_hash; //Ip不变后端服务器不变,持续的后端连接(默认为轮询)
server 172.25.254.1:80;
server 172.25.254.4:80;
server 127.0.0.1;
}
server{
listen 80;
server_name www.westos.org; //域名访问
location / {
proxy_pass http://westos; //调度westos
}
}
[root@server2 conf]# vim /etc/security/limits.conf
nginx - nofile 65536
[root@server2 conf]# useradd -M -d /usr/local/nginx/ nginx
[root@server2 conf]# id nginx
uid=500(nginx) gid=500(nginx) groups=500(nginx)
[root@server2 conf]# nginx -t
[root@server2 conf]# nginx
[root@server2 conf]# nginx -s reload打开服务器的httpd服务:
[root@server1 ~]# cat /var/www/html/index.html
www.westos.org -server1[root@server4 ~]# cat /var/www/html/index.html
www.westos.org-server4
[root@server2 ~]# nginx -s stop
[root@server2 ~]# tar zxf nginx-1.10.1.tar.gz
[root@server2 ~]# tar zxf nginx-sticky-module-ng.tar.gz
[root@server2 ~]# cd nginx-1.10.1
[root@server2 nginx-1.10.1]# ./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio --add-module=/root/nginx-sticky-module-ng//添加模块指定路径
[root@server2 nginx-1.10.1]# make
[root@server2 nginx-1.10.1]# make install
[root@server2 conf]# cd /opt/nginx/conf
[root@server2 conf]# cp /usr/local/nginx/conf/nginx.conf .
[root@server2 conf]# vim nginx.conf
http {
upstream ying {
sticky; //上面14版本不支持本算法
server 172.25.254.1:80;
server 172.25.254.4:80;
#server 127.0.0.1;
}
[root@server2 conf]# /opt/nginx/sbin/nginx -t
[root@server2 conf]# /opt/nginx/sbin/nginx
[root@server2 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org;
location / {
root /www1;
index index.html;
}
}
server{
listen 80;
server_name www.linux.org;
location / {
root /www2;
index index.html;
}
}[root@server2 ~]# mkdir /www1
[root@server2 ~]# mkdir /www2
[root@server2 ~]# cd /www1
[root@server2 www1]# cat index.html
www.westos.org
[root@server2 www1]# cd
[root@server2 ~]# cd /www2
[root@server2 www2]# cat index.html
www.linux.org
[root@server2 conf]# vim nginx.conf
server {
listen 443 ssl;
server_name www.westos.org;ssl_certificate cert.pem;
ssl_certificate_key cert.pem;ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;location / {
root /www1;
index index.html;
}
[root@server2 conf]# nginx -t
nginx: [emerg] BIO_new_file("/usr/local/lnmp/nginx/conf/cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/lnmp/nginx/conf/cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test failed
[root@server2 conf]# cd /etc/pki/tls/certs/
[root@server2 certs]# make cert.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
.........................................+++
.............................+++
writing new private key to '/tmp/openssl.0egoLz'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server2
Email Address []:root@localhost
[root@server5 certs]# ll cert.pem
-rw------- 1 root root 3088 Aug 7 08:14 cert.pem
[root@server2 certs]# cp cert.pem /usr/local/lnmp/nginx/conf/
[root@server2 certs]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server2 certs]# nginx -s reload
[root@server2 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
rewrite ^(.*)$ https://www.westos.org$1 permanent//永久重定向;
}
[root@server2 conf]# nginx -s reload
[root@foundation71 kiosk]# curl -I www.westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:43:51 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org
[root@foundation71 kiosk]# curl -I westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:44:00 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org
[root@foundation71 kiosk]# curl -I westos.org/index.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:44:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org/index.org
[root@foundation71 kiosk]# curl -I www.westos.org/index.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:44:10 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org/index.org
[root@server2 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
rewrite ^/bbs$ http://bbs.westos.org permanent;
rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
}[root@server2 conf]# nginx -s reload
[root@foundation71 kiosk]# curl -I westos.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:50:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://bbs.westos.org
[root@foundation71 kiosk]# curl -I www.westos.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:50:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://bbs.westos.org
[root@foundation71 kiosk]# curl -I www.westos.org/bbs/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:50:50 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://bbs.westos.org/index.html
[root@foundation71 kiosk]# curl -I bbs.westos.org
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Oct 2018 05:51:07 GMT
Content-Type: text/html
Content-Length: 15
Last-Modified: Sun, 07 Oct 2018 05:50:50 GMT
Connection: keep-alive
ETag: "5b68ed1c-f"
Accept-Ranges: bytes
[root@server2 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org westos.org bbs.westos.org;
if ($host = "bbs.westos.org"){
rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;
}
location / {
root /www1;
index index.html;
}
}[root@server2 conf]# nginx -s reload
[root@foundation71 kiosk]# curl -I bbs.westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:55:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.westos.org/bbs/
[root@foundation71 kiosk]# curl -I bbs.westos.org/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 07 Oct 2018 05:55:37 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.westos.org/bbs/index.html
301永久重定向
302临时重定向
[root@server2 conf]# mkdir /www1/bbs
[root@server2 conf]# cd /www1/bbs
[root@server2 bbs]# vim index.html
bbs.westos.org
[root@server2 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
location / {
root /www1;
index index.html;
}
location ~ \.(gif|jpg|png)$ {
root /www1;
valid_referers none blocked www.westos.org;
if ($invalid_referer){
#return 403;
rewrite ^/ http://bbs.westos.org/daolian.jpg;
}
}
server{
listen 80;
server_name bbs.westos.org;
location / {
root /www2;
index index.html;
}
[root@server2 ~]# nginx -s reload