搭建Nginx服務器(網站服務 代理服務)
rpm -q gcc gcc-c++
yum -y groupinstall "開發工具"
useradd nginx
yum -y install pcre-devel 依賴包
yum -y install zlib-devel 依賴包
yum -y install openssl-devel 安全認證包
tar -zxvf nginx-1.8.0.tar.gz
cd nginx-1.8.0
./configure --prefix=/usr/local/nginx --user=nginx --gourp=nginx
\--with-http_stub_status_module --with-http_ssl_module(開啓認證)
make && make install
ls /usr/local/nginx/ 成功顯示以下文件證明安裝成功
conf html logs sbin
conf 配置文件: nginx.conf 主配置文件 nginx.conf.default 模版
html 網頁目錄
logs 日誌文件存放的目錄
sbin 存放啓動NGINX服務的啓動命令 nginx
啓動nginx服務(默認監聽80)
[root@squid nginx]# netstat -utnalp | grep :80 有http先停掉
[root@squid nginx]# /usr/local/nginx/sbin/nginx
[root@squid nginx]# netstat -utnalp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 92
[root@squid nginx]# echo 123 > /usr/local/nginx/html/test.html 寫網頁文件
[root@squid nginx]# elinks --dump http://localhost/test.html 客戶端測試
123
修改nginx服務端口:
mv nginx.conf nginx.conf.bak 備份配置文件
grep -v '^$\|#' nginx.conf.bak > nginx.conf 去除空行和註釋行後到新配置文件
vim nginx.conf 修改 listen 8080;
/usr/local/nginx/sbin/nginx -s stop 停服務
/usr/local/nginx/sbin/nginx 啓動服務
netstat -untlap | grep :8080
elinks --dump http://localhost:8080/test.html 指定端口測試
常用命令
[root@squid conf]# /usr/local/nginx/sbin/nginx -v 查看nginx版本
[root@squid conf]# /usr/local/nginx/sbin/nginx -V 查看nginx版本以及編安裝詳細信息
[root@squid conf]# /usr/local/nginx/sbin/nginx -t 測試配置文件是否正常
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx2.conf 指定配置文件啓動服務
停止服務的方法
/usr/local/nginx/sbin/nginx -s stop
killall -9 nginx
kill -信號 pid號
常見信號:
TERM, INT 快速關閉
QUIT 從容關閉,關閉主進程及子進程
HUP 重載配置文件
USR1 重新打開日誌文件
USR2 平滑升級可執行程序
重啓服務很方便
kill -HUP `cat /usr/local/nginx/logs/nginx.pid`
++++++++++++++++++++++++++++++++++
平滑升級(在線升級服務軟件的版本)
tar -zxvf nginx-1.9.2.tar.gz
cd nginx-1.9.2
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx
\--with-http_stub_status_module --with-http_ssl_module(開啓認證)
make
cd /usr/local/nginx/sbin
mv nginx nginxold 備份舊的執行程序
cd nginx-1.9.2/objs
cp nginx /usr/local/nginx/sbin/ 拷貝新版本執行程序
cd nginx-1.9.2
make upgrade 執行升級
[root@squid conf]# /usr/local/nginx/sbin/nginx -v 查看nginx版本 升級完成
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
虛擬主機(一臺服務器提高多個網站)
基於域名虛擬主機(根據客戶端訪問的主機名區分訪問)
基於端口虛擬主機
基於ip地址虛擬主機
++++++++++++++++++++++++++++++++++++++++++++++
基於域名虛擬主機
(服務器)
mkdir /wwwdir
mkdir /bbsdir
echo www > /wwwdir/a.html
echo bbs > /bbsdir/a.html
[root@A conf]# /usr/local/nginx/sbin/nginx -s stop 先停止服務
grep -v '^$' nginx.conf.default | grep -v '#' > nginx.conf
vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.tarena.com; 修改爲指定域名
location / {
root /wwwdir; 指定網頁目錄
index a.html; 指定默認首頁文件
}
}
server {
listen 80;
server_name bbs.tarena.com;
location / {
root /bbsdir;
index a.html;
}
}
}
}
./nginx -t 測試配置文件配置正確
./nginx 啓動服務
(客戶端)測試
vim /etc/hosts
172.25.254.151(服務端IP) www.tarena.com www
172.25.254.151(服務端IP) bbs.tarena.com bbs
:wq
ping www.tarena.com
ping bbs.tarena.com
elinks --dump ghtp://www.tarena.com
elinks --dump http://bbs.tarena.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
基於端口的虛擬主機(服務器根據客戶端訪問的端口區分訪問)
實驗需求
http://www.tarena.com -> /usr/local/nginx/html
http://www.tarena.com:8080 -> /wwwdir
http://www.tarena.com:8090 -> /bbsdir
vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.tarena.com;
location / {
root html;
index index.html;
}
}
server {
listen 8080; 指定不同端口
#server_name www.tarena.com; 註銷掉域名
location / {
root /wwwdir;
index a.html;
}
}
server {
listen 8090;
#server_name bbs.tarena.com;
location / {
root /bbsdir;
index a.html;
}
}
}
}
[root@A conf]# ../sbin/nginx -s stop
[root@A conf]# ../sbin/nginx
[root@A conf]# netstat -anptu |grep nginx
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 51193/nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 51193/nginx
tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 51193/nginx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
基於ip地址的虛擬主機
ifconfig eth0:1 1.0.0.200
vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 1.0.0.100:8090;
#server_name www.tarena.com;
location / {
root /wwwdir;
index a.html;
}
}
server {
listen 1.0.0.200:80;
#server_name bbs.tarena.com;
location / {
root /bbsdir;
index a.html;
}
}
}
[root@A conf]# ../sbin/nginx -s stop
[root@A conf]# ../sbin/nginx
[root@A conf]# netstat -anptu |grep nginx
tcp 0 0 1.0.0.200:80 0.0.0.0:* LISTEN 60910/nginx
tcp 0 0 1.0.0.100:8090 0.0.0.0:* LISTEN 60910/nginx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
訪問控制
訪問控制 (默認允許所有客戶端訪問)
location / {
....
allow ip地址1; 允許的訪問
allow ip地址2;
#allow 172.40.1.0/14;
deny all;拒絕所有訪問
}
elinks http://172.25.254.151:8090 客戶端測試
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
用戶驗證(訪問網站頁面時,要提交正確用戶和密碼纔可以訪問)
location / {
.....
auth_basic "please input username and password";
auth_basic_user_file "/usr/local/nginx/conf/authuser.txt";
}
[root@squid conf]# kill -HUP `cat /usr/local/nginx/logs/nginx.pid` 重啓nginx服務
rpm -q httpd-tools 查詢有包沒
[root@squid conf]# htpasswd -c /usr/local/nginx/conf/user.txt tom 生成驗證文件,用戶名爲tom
New password: #輸入密碼
Re-type new password: #再次輸入密碼
Adding password for user webadmin #OK
[root@squid conf]# cat /usr/local/nginx/conf/user.txt
tom:VziCsLM3LWwXY
[root@squid conf]# htpasswd /usr/local/nginx/conf/user.txt tom2 創建第二個賬號爲tom2
New password:
Re-type new password:
Adding password for user tom2
[root@squid conf]# cat /usr/local/nginx/conf/user.txt 查看賬號文件 加密文件
tom:VziCsLM3LWwXY
tom2:gw4brc6MjcAqA
改成基於域名的服務 客戶端測試firefox http://www.tarena.com 提示輸入用戶名密碼,配置成功
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
配置SSL,安全認證
(支持客戶端使用https協議訪問)https 數據加密傳輸
80 http:// 443https://
服務器配置
1生成私鑰
2生成證書文件
3在服務的主配置文件裏調用私鑰 和證書
cd /usr/local/nginx/conf/
[root@squid conf]#openssl genrsa -out cert.key 2048 //生成私鑰
[root@squid conf]# openssl req -new -x509 -key cert.key -out cert.pem //生成證書
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN 中國代碼
State or Province Name (full name) []:beijing 州或者省
Locality Name (eg, city) [Default City]:beijing 城市
Organization Name (eg, company) [Default Company Ltd]:tarena 公司名
Organizational Unit Name (eg, section) []:mis 部門
Common Name (eg, your name or your server's hostname) []:www.tarena.com 域名
Email Address []:[email protected] 郵箱
[root@squid conf]#
server {
......
#listen 80;
listen 443 ssl;
server_name www.tarena.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
......
}
重啓nginx服務
客戶端配置firefox https://tarena.com 注意http後面加s
+++++++++++++++++++++++++++++++++++++++++++++++++++++
反向代理
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream "webgroup" { #定義源服務組
server 192.168.1.1:80 ;
server 192.168.1.2:8080 ;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://webgroup; 調用服務組
#proxy_pass http://192.168.1.1;
#root html;
#index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
客戶端測試.....................
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
nginx目前支持4種分配方式
輪詢(默認的): 逐一循環調度 (weight=1)
Weight:指定輪詢機率,權重值和訪問比率成正比
ip_hash:根據客戶端IP分配固定的後端服務器
Fair:按後端服務器響應時間短的優先分配
設置服務器組中服務器的狀態
down:表示當前server暫時不參與負載
max_fails:允許請求失敗的次數(默認爲1)
fail_timeout :max_fails次失敗後,暫停提供服務的時間
backup:備份服務器
舉例:
.............
upstream sergrp {
#ip_hash;
serer 1.0.0.100:80 weight=2; 輪訓權重爲2,不設默認爲1
server 1.0.0.200:80 down; 200不參與負載
server 1.0.0.201:80;
server 1.0.0.202:80 backup; 202爲備份服務器
server 1.0.0.203:80 max_fails=2 fail_timeout=30; 允許失敗2次,失敗後暫停服務時間30秒
}
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
訪問不同網頁格式
upstream "webgroup" {
server 192.168.1.1:80 max_fails=3 fail_timeout=30s;
server 192.168.1.2:8080;
}
upstream "htmlweb" {
server 192.168.1.1:80;
server 192.168.1.2:80;
}
upstream "phpweb" {
server 192.168.1.30:80;
server 192.168.1.40:80;
}
server {
listen 80;
location ~ \.html$ {
proxy_pass http://htmlweb;
}
location ~ \.php$ {
proxy_pass http://phpweb;
}
}
http://nginx_ip/a.html
http://nginx_ip/a.php