编译安装nginx并软连接
一件安装nginx
编译安装nginx负载均衡
下载:
mkdir -p /server/tools
cd /server/tools
wget http://nginx.org/download/nginx-1.16.0.tar.gz
#安装依赖。
yum install pcre pcre-devel -y
yum install openssl openssl-devel -y #https加密用他。
#编译安装步骤
tar xf nginx-1.16.0.tar.gz
cd nginx-1.16.0/
useradd -s /sbin/nologin www -M
id www
./configure --user=www --group=www --prefix=/application/nginx-1.16.0/ --with-http_stub_status_module --with-http_ssl_module --with-pcre
make
make install
ln -s /application/nginx-1.16.0/ /application/nginx
/application/nginx/sbin/nginx
netstat -lntup|grep nginx
一、实践基于域名的虚拟主机
1、配置基于域名的nginx.conf内容
先使用grep命令过滤命令来生成基础的Nginx主配置文件nginx.conf,然后根据生成的初始配置文件进行修改,使他成为所需要的形式,具体命令如下:
[root@web02 ~]# cd /application/nginx/conf/
[root@web02 /application/nginx/conf]# egrep -v "^$|#" nginx.conf.default >nginx.conf 《===过滤包含#号和空行生成新的文件nginx.conf
或者直接创建新的配置文件mginx.conf然后编辑,输入内容如下:
[root@web02 /application/nginx/conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 80;
12 server_name www.etiantian.org;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 }
18 }
2、创建域名对应的站点及文件
此处配置的是基于域名的虚拟主机,创建对应的站点目录及文件,命令如下:
[root@web02 /application/nginx/conf]# mkdir ../html/www 《==../表示上级目录及/application/nginx
[root@web02 /application/nginx/conf]# echo "www.etiantian.org" >../html/www/index.html
[root@web02 /application/nginx/conf]# cat ../html/www/index.html
www.etiantian.org
上述命令是在/application/nginx/html下创建了一个www的站点目录,并把“www.etiantian.org”重定向到index.html《==这里面是网页显示的内容
3、检查语法并重新加载
先检查修改过的Nginx配置文件语法是否正确
[root@web02 /application/nginx/conf]# echo 'PATH="/application/nginx/sbin:$PATH"' >>/etc/profile
[root@web02 /application/nginx/conf]# . /etc/profile
[root@web02 /application/nginx/conf]# echo $PATH
/application/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]#
如果出现ok和succeed说明语法正确
然后平滑重启Nginx,及重新加载配置文件
[root@web02 /application/nginx/conf]# nginx -s reload
最后测试域名站点配置的访问结果。这里分为Linux客户端和windows客户端。
下面是针对Linux客户端的访问:
[root@web02 /application/nginx/conf]# echo "10.0.0.8 www.etiantian.org" >>/etc/hosts
[root@web02 /application/nginx/conf]# tail -1 /etc/hosts
10.0.0.8 www.etiantian.org
[root@web02 /application/nginx/conf]# curl www.etiantian.org
www.etiantian.org
下面是针对Windows客户端浏览器进行访问。
如果域名没有解析,可以在笔记本上编辑一个hosts文件,添加hosts解析记录
windows客户端hosts文件路径是:C盘的system root\system32\dirves\etc\hosts
添加10.0.0.8 www.etiantian.org
配置好后在dos提示行检查一下结果,如下:
WINDOWS下测试:
C:\Windows\System32\drivers\etc\hosts
10.0.0.8 www.etiantian.org
ping www.etiantian.org返回10.0.0.8就是对的
4、配置多个基于域名的虚拟主机
(1)增加新域名对应的配置
在1、中已经添加了一个www.etiantian.org虚拟主机的配置,再增加两个虚拟主机的配置。站点域名为bbs.etiantian.org、blog.etiantian.org增加的配置一定要在nginx.conf的http{ }区块内,最好放在www.etiantian.org虚拟主机配置的享下面增加的内容如下:
[root@web02 /application/nginx/conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 80;
12 server_name www.etiantian.org;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 }
18 server {
19 listen 80;
20 server_name bbs.etiantian.org;
21 location / {
22 root html/bbs;
23 index index.html index.htm;
24 }
25 }
26 server {
27 listen 80;
28 server_name blog.etiantian.org;
▽ 29 location / {
30 root html/blog;
31 index index.html index.htm;
32 }
33 }
34 }
(2)创建新虚拟主机站点对应的目录及文件
创建上述两个新增域名分别对应的站点目录及文件,命令如下:
[root@web02 /application/nginx/conf]# mkdir ../html/{bbs,blog}
[root@web02 /application/nginx/conf]# echo "bbs.etiantian.org" >../html/bbs/index.html
[root@web02 /application/nginx/conf]# echo "blog.etiantian.org" >../html/blog/index.html
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]# cat ../html/blog/index.html
blog.etiantian.org
[root@web02 /application/nginx/conf]# cat ../html/bbs/index.html
bbs.etiantian.org
(3)重新加载Nginx配置
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]#
(4)在客户端测试
同样,这里分为Linux客户端和windows客户端。
下面是针对Linux客户端的访问:
[root@web02 /application/nginx/conf]# tail -1 /etc/hosts
10.0.0.8 www.etiantian.org bbs.etiantian.org blog.etiantian.org
[root@web02 /application/nginx/conf]# curl www.etiantian.org
www.etiantian.org
[root@web02 /application/nginx/conf]# curl bbs.etiantian.org
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl blog.etiantian.org
blog.etiantian.org
下面是针对Windows客户端浏览器进行访问。如下:
Windows下测试:
C:\Windows\System32\drivers\etc\hosts
10.0.0.8 www.etiantian.org bbs.etiantian.org blog.etiantian.org
如果配置完成后,以后为了排错和留着用,可以做一个备份,命令如下:
[root@web02 /application/nginx/conf]# /bin/cp nginx.conf nginx.conf_BashName
二、基于端口虚拟主机实践:
基于端口的虚拟主机配置实战基于端口的虚拟主机在生产环境中不多见,仅偶尔会用到,一般为公司内部人员提供访问,如OA系统、网站程序的后台、CMS发布后台、MySQL的Web客户端 phpmyadmin等,使用特殊端口多是从安全上考虑的。下面讲下基于端口的虚拟主机相关配置部署。
1.配置虚拟主机监听的端口
如果要配置基于端口的虚拟主机,就需要为每个虚拟主机配置不同的端口。这里以上述基于域名的3个虚拟主机为例进行讲解。首先,编辑nginx.conf主配置文件,然后把每个虚拟主机的“listen 80;"这个配置行的80数字端口修改掉,内容见下文,注意 server name域名位置可以不做任何变更,哪怕是相同域名也可以,因为,基于端口的虚拟主机就是通过端口来唯一区别不同的虚拟主机的,只要端口不同就是不同的虚拟主机。
2.修改虚拟主机配置
经过修改后,完整的基于端口的多个虚拟主机配置如下:
[root@web02 ~]# cd /application/nginx/conf/
[root@web02 /application/nginx/conf]# cp nginx.conf{,_BaseName}
[root@web02 /application/nginx/conf]# ls
fastcgi.conf index.html mime.types.default scgi_params win-utf
fastcgi.conf.default koi-utf nginx.conf scgi_params.default
fastcgi_params koi-win nginx.conf_BaseName uwsgi_params
fastcgi_params.default mime.types nginx.conf.default uwsgi_params.default
[root@web02 /application/nginx/conf]# vim nginx.conf
keepalive_timeout 65;
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
}
server {
listen 81;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
}
server {
listen 82;
server_name blog.etiantian.org;
location / {
root html/blog;
index index.html index.htm;
}
}
}
3、检查语法重新加载匹配生效
[root@web02 /application/nginx/conf]# netstat -lntup|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14322/nginx: master
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]# netstat -lntup|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14322/nginx: master
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 14322/nginx: master
tcp 0 0 0.0.0.0:82 0.0.0.0:* LISTEN 14322/nginx: master
4、测试不同端口访问结果,如下:
[root@web02 /application/nginx/conf]# curl www.etiantian.org:80
www.etiantian.org
[root@web02 /application/nginx/conf]# curl bbs.etiantian.org:81
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl blog.etiantian.org:82
blog.etiantian.org
浏览到的内容如果和URL地址栏里的域名部分一样,就表示配置正确了。Nginx虚拟主机宜方帮助的网址为:
http://Nginx.org/en/docs/http/request_processing.html
三、基于IP的虚拟主机配置实战
基于IP的虚拟主机在生产环境中的应用更为少见,因此、本节的内容读者了解即可
1,在服务器网卡上增加多个IP
然要配置基于卫P的虚拟主机, i让每个虚拟主机有不同的IP地址,此处以增加辅助IP的形式临时在etho 正在联网识别并翻译...IP,命令如下:
[root@web02 ~]# ip addr add 10.0.0.9 dev eth0 label eth0:9
[root@web02 ~]# ip addr add 10.0.0.10 dev eth0 label eth0:10
检查配置生效结果:
[root@web02 ~]# ifconfig
eth0: flags=4163 mtu 1500
inet 10.0.0.8 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:fe12:170c prefixlen 64 scopeid 0x20
ether 00:0c:29:12:17:0c txqueuelen 1000 (Ethernet)
RX packets 21765 bytes 18029629 (17.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12171 bytes 1426129 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:9: flags=4163 mtu 1500
inet 10.0.0.9 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:12:17:0c txqueuelen 1000 (Ethernet)
eth0:10: flags=4163 mtu 1500
inet 10.0.0.10 netmask 255.255.255.255 broadcast 0.0.0.0
2、添加虚拟主机配置
基于IP的虚拟主机实际配置示例如下。这是一个端口和IP混合的虚拟主机示例,读者可以自行修改,使其仅仅基于IP,即每个虚拟主机的server name字段都换成IP地址
[root@web02 /application/nginx/conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 10.0.0.8:80;
12 server_name www.etiantian.org;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 }
18 server {
19 listen 10.0.0.9:80;
20 server_name bbs.etiantian.org;
21 location / {
22 root html/bbs;
23 index index.html index.htm;
24 }
25 }
26 server {
27 listen 10.0.0.10:80;
28 server_name blog.etiantian.org;
29 location / {
30 root html/blog;
31 index index.html index.htm;
32 }
33 }
34 }
3、检查语法并平滑重启
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]#
有时候特殊,必须关掉之后再开启Nginx
[root@web02 /application/nginx/conf]# nginx -s stop
[root@web02 /application/nginx/conf]# nginx
[root@web02 /application/nginx/conf]# netstat -lntup|grep nginx
tcp 0 0 10.0.0.10:80 0.0.0.0:* LISTEN 14967/nginx: master
tcp 0 0 10.0.0.9:80 0.0.0.0:* LISTEN 14967/nginx: master
tcp 0 0 10.0.0.8:80 0.0.0.0:* LISTEN 14967/nginx: master
[root@web02 /application/nginx/conf]# curl 10.0.0.8
www.etiantian.org
[root@web02 /application/nginx/conf]# curl 10.0.0.9
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl 10.0.0.10
blog.etiantian.org
一:什么是恶意域名解析
一般情况下,要使域名能访问到网站需要两步,第一步,将域名解析到网站所在的主机,第二步,在web服务器中将域名与相应的网站绑定。但是,如果通过主机IP能直接访问某网站,那么把域名解析到这个IP也将能访问到该网站,而无需在主机上绑定,也就是说任何人将任何域名解析到这个IP就能访问到这个网站。
二:恶意域名解析的危害
可能您并不介意通过别人的域名访问到您的网站,但是如果这个域名是未备案域名呢?
假如那域名是不友善的域名,比如曾经指向非法网站,容易引发搜索引擎惩罚,连带IP受到牵连。即使域
没什么问题,但流量也会被劫持到别的域名,从而遭到广告联盟的封杀。
三;如何防止,配置里第一个标签如下配置
server{
listen 80;
server_name _default;
return 500;
}
1、规范优化Nginx配置文件
优化nginx配置的实战方案:
具体步骤如下:
[root@web02 /application/nginx/conf]# mkdir extra
[root@web02 /application/nginx/conf]# sed -n '10,17p' nginx.conf
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf]# sed -n '10,17p' nginx.conf >extra/01_www.conf
[root@web02 /application/nginx/conf]# sed -n '18,25p' nginx.conf
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf]# sed -n '18,25p' nginx.conf >extra/02_bbs.conf
[root@web02 /application/nginx/conf]# sed -n '26,33p' nginx.conf
server {
listen 80;
server_name blog.etiantian.org;
location / {
root html/blog;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf]# sed -n '26,33p' nginx.conf >extra/03_blog.conf
删除nginx主配置文件10到33行的内容,谨慎
(1)提前配置文件命令如下:
[root@web02 /application/nginx/conf]# sed -i '10,33d' nginx.conf
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
}
(2)执行下面的插入命令
[root@web02 /application/nginx/conf]# sed -i '10 i include extra/01_www.conf;\ninclude extra/02_bbs.conf;\ninclude extra/03_blog.conf;' nginx.conf
[root@web02 /application/nginx/conf]#
上述sed命令是在nginx.conf配置文件中加入三行包含虚拟主机文件的配置
如下:
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/01_www.conf;
include extra/02_bbs.conf;
include extra/03_blog.conf;
}
(3)重新加载配置,并测试
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]# curl www.etiantian.org
www.etiantian.org
[root@web02 /application/nginx/conf]# curl bbs.etiantian.org
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl blog.etiantian.org
blog.etiantian.org
优化Nginx配置文件进行网站访问,一切正常!
通过主配置文件中加上include包含的配置,可以让Nginx的配置更简单,修改的最终的配置内容如下:
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/01_www.conf;
include extra/02_bbs.conf;
include extra/03_blog.conf;
}
[root@web02 /application/nginx/conf]# cd extra/
[root@web02 /application/nginx/conf/extra]# cat 01_www.conf
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf/extra]# cat 02_bbs.conf
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf/extra]# cat 03_blog.conf
server {
listen 80;
server_name blog.etiantian.org;
location / {
root html/blog;
index index.html index.htm;
}
}
Nginx status介绍
检查编译安装是是否安装模块
[root@web02 /application/nginx/conf]# nginx -v
nginx version: nginx/1.16.0
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]# nginx -V
nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/application/nginx-1.16.0/ --with-http_stub_status_module --with-http_ssl_module --with-pcre
1》增加状态配置参数
stub_status on;
access_log off;
[root@web02 /application/nginx/conf]# cat extra/04_status.conf
#status
server{
listen 80;
server_name status.etiantian.org;
location / {
stub_status on;
access_log off;
}
}
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/01_www.conf;
include extra/02_bbs.conf;
include extra/03_blog.conf;
}
2》语法检查
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
3》windows客户端hosts解析
10.0.0.8 www.etiantian.org bbs.etiantian.org blog.etiantian.org status.etiantian.org
image.png