Nginx搭建与部署 --04
Posted FikL-09-19
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Nginx搭建与部署 --04相关的知识,希望对你有一定的参考价值。
一、nginx常用模块
1、目录索引模块
# ngx_http_autoindex_module
ngx_http_autoindex_module模块处理以斜杠字符('/')结尾的请求,并生成目录列表。
当ngx_http_index_module模块找不到索引文件时,通常会将请求传递给ngx_http_autoindex_module模块。
1.语法
Syntax: autoindex on | off;
Default:
autoindex off;
Context: http, server, location
2.配置
[root@web01 ~]# vim /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8; #若此处加入utf8,则需要修改nginx源配置文件的指向,移动放到末尾(因为是先解码,再扫描)
location /
root /mm/autoindex;
autoindex on;
2、访问网站正常,加down跳转目录页面
[root@web01 ~]# vim /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
#创建站点目录
[root@web01 ~]# mkdir -p /mm/autoindex/down
[root@web01 7]# echo "测试autoindex模块" > /mm/autoindex/index.html
#访问
http://www.autoindex.com/ 主页的网站
http://www.autoindex.com/mm/down/ 下载文件的目录
4、常用优化参数
#显示文件字节大小,默认是显示字节大小,配置为off之后,显示具体大小 M/G/K
Syntax: autoindex_exact_size on | off;
Default: autoindex_exact_size on;
Context: http, server, location
#显示文件的修改的具体时间,默认显示的时间与真实时间相差8小时,所以配置 on
Syntax: autoindex_localtime on | off;
Default: autoindex_localtime off;
Context: http, server, location
##### 5、完整配置
[root@web01 down]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
#auth_basic "linux12 MM";
#auth_basic_user_file /etc/nginx/auth_basic;
## 重启nginx systemctl restart nginx
3、Nginx访问控制模块
#ngx_http_access_module
#允许访问的语法
Syntax: allow address | all;
Default: —
Context: http, server, location, limit_except
#拒绝访问的语法
Syntax: deny address | all;
Default: —
Context: http, server, location, limit_except
#如果配置允许,则也要配置拒绝;配置拒绝可以单独配置
## 2、配置访问控制示例
1>拒绝指定的IP,其他全部允许
[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
#server_name localhost;
server_name www.autoindex.com;
charset utf8;
location /
root /mm/autoindex;
#index index.html;
autoindex on;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
deny 10.10.0.100;
allow all;
### 重启nginx systemctl restart nginx
2>只允许指定IP能访问, 其它全部拒绝
[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
#server_name localhost;
server_name www.autoindex.com;
charset utf8;
location /
root /mm/autoindex;
#index index.html;
autoindex on;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
deny all;
allow 10.10.0.100; ---> #向下让上读取,把all放在最后,切记,切记!
### 重启nginx systemctl restart nginx
3>只允许10.0.0.100 访问,拒绝该网段其他IP
[[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
#server_name localhost;
server_name www.autoindex.com;
charset utf8;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
allow 10.10.0.100;
deny 10.10.0.100/24;
### 重启nginx systemctl restart nginx
4、Nginx访问认证模块
# ngx_http_auth_basic_module
#开启的登录认证,没有用
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except
#指定登录用的用户名密码文件
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
1、创建密码文件
#创建密码文件需要用到 htpasswd
[root@web01 ~]# htpasswd -c /etc/nginx/auth_basic xxx
New password: #123
Re-type new password:
Adding password for user xxx
#添加一个登录用户/
[root@web01 ~]# htpasswd /etc/nginx/auth_basic mm --去掉c
New password:
Re-type new password:
Adding password for user sd
#密码文件内容
[root@web01 autoindex]# cat /etc/nginx/auth_basic
lnd:$apr1$F3muI82n$GnNVXdEB6GGlIEapGEM3x1
3、配置访问登录
[[root@web01 autoindex]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
auth_basic "欢迎访问";
auth_basic_user_file /etc/nginx/auth_basic;
### 重启nginx systemctl restart nginx
5、Nginx状态监控模块
# ngx_http_stub_status_module
ngx_http_stub_status_module模块提供对nginx基本状态信息的访问。
默认情况下不构建此模块,应使用--with-http_stub_status_module配置参数启用它
Syntax: stub_status;
Default: —
Context: server, location
1、配置
[root@web01 autoindex]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
auth_basic "欢迎访问";
auth_basic_user_file /etc/nginx/auth_basic;
location = /basic_status
stub_status;
### 重启nginx systemctl restart nginx
2、访问
#访问 http://www.autoindex.com/basic_status
#nginx七种状态
Active connections: 2
server accepts handled requests
2 2 3
Reading: 0 Writing: 1 Waiting: 1
Active connections #活跃的连接数
accepts #TCP连接总数
handled #成功的TCP连接数
requests #成功的请求数
Reading #读取的请求头
Writing #响应头部
Waiting #等待的请求数,开启了keepalive
# 注意, 一次TCP的连接,可以发起多次http的请求, 如下参数可配置进行验证
keepalive_timeout 0; # 类似于关闭长连接
过滤nginx的请求连接数
[root@pingweb01 conf.d]# cat /etc/hosts
192.168.15.7 web01 linux.autoindex.com
[root@pingweb01 conf.d]# curl http://linux.autoindex.com/basic_status
Active connections: 3
server accepts handled requests
6 6 10
Reading: 0 Writing: 1 Waiting: 2
# 监控PV
curl -s http://linux.autoindex.com/basic_status | awk 'NR==3 print $3'
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-KagULU8m-1640439294896)(C:\\Users\\17155\\Desktop\\下载图片\\1617269971105.png)]
二、nginx模块回顾
1.目录索引模块
[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
2.访问限制模块
#允许10.0.0.100访问,拒绝所有
[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
allow 10.0.0.100; #允许10.0.0.100访问,拒绝所有
deny all; #拒绝所有
3.访问控制模块
# 1.配置密码文件
[root@web01 ~]# htpasswd -c /etc/nginx/auth_basic lhd
New password: 123
Re-type new password: 123
Adding password for user lhd
# htpasswd -m /etc/nginx/auth_basic mm #设置多个用户连接
# 2.配置
[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
auth_basic "欢迎访问"; # 随便写
auth_basic_user_file /etc/nginx/auth_basic;## 用户名密码
4.nginx状态模块
# 1.配置
[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
location /
root /mm/autoindex;
index index.html;
location = /basic_status
stub_status;
# 2.页面
Active connections: 2
server accepts handled requests
5 5 12
Reading: 0 Writing: 1 Waiting: 1
# 3.监控网站的PV
[root@web01 ~]#curl -s http://www.autoindex.com/basic_status | awk 'NR==3 print $3'| awk 'NR==3 print $3'
12
5、连接限制模板
# ngx_http_limit_conn_module # 限制连接数
1.语法
#设置限制的空间
Syntax: limit_conn_zone key zone=name:size;
Default: —
Context: http
limit_conn_zone #设置空间的模块
key #空间存储的内容
zone #指定空间
=name #名字
:size; #大小
#调用限制的空间
Syntax: limit_conn zone number; # 限制速率
Default: —
Context: http, server, location
limit_conn #调用空间的模块
zone #空间的名字
number; #指定可以同时连接的次数
2.配置
[root@web01 mm]# cat /etc/nginx/conf.d/www.autoindex.com.conf
limit_conn_zone $remote_addr zone=conn_zone:20m;
server
listen 80;
server_name www.autoindex.com;
charset utf8;
access_log /var/log/nginx/www.autoindex.com.log main;
limit_conn conn_zone 2;
location /
root /mm/autoindex;
index index.html;
location /down
root /mm/autoindex;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
auth_basic "欢迎访问";
auth_basic_user_file /etc/nginx/auth_basic;
location = /basic_status
stub_status;
6、请求限制模块
# 1.语法
#调用空间的语法
Syntax: limit_req_zone key zone=name:size rate=rate [sync];
Default: —
Context: http
limit_req_zone #设置空间的模块
key #空间存储的内容
zone #指定空间
=name #名字
:size #大小
rate=rate [sync]; #读写速率
#限制的语法
Syntax: limit_req zone=name [burst=number] [nodelay | delay=number];
Default: —
Context: http, server, location
limit_req #调用控件模块
zone=name #指定空间=空间的名字
[burst=number] #允许多请求几次
[nodelay | delay=number]; #延时
2、配置
[root@web01 ~]#cat/etc/nginx/conf.d/www.autoindex.com.conf
limit_conn_zone $remote_addr zone=conn_zone:20m;
limit_req_zone $remote_addr zone=req_zone:20m rate=100r/s;
server
listen 80;
server_name www.autoindex.com;
charset utf8;
limit_conn conn_zone 100;
limit_req zone=req_zone;
#limit_req zone=req_zone burst=8 nodelay;
location /
root /mm/autoindex;
index index.html;
# 对比
ngx_http_limit_conn_module : 限制连接数据
ngx_http_limit_rep_module :限制访问的频率
3、测试
[root@web01 ~]# ab -n 1000 -c 20 http://www.autoindex.com/index.html
三、nginx的location配置
使用Nginx Location可以控制访问网站的路径,但一个server可以有多个location配置, 多个location的优先级该如何区分:
http://nginx.org/en/docs/http/ngx_http_core_module.html #location
1.语法
Syntax: location [ = | ~ | ~* | ^~ ] uri ...
location @name ...
Default: —
Context: server, location
# nginx匹配两个数字
[0-9]2
# nginx匹配小写字母2个
[a-z]2
# nginx匹配小写字母2个
[a-z]1,2
2.location匹配符
| 匹配符 | 匹配规则 | 优先级 |
|---|---|---|
| = | 精确匹配 | 1 |
| ^~ | 以某个字符串开头 | 2 |
| ~ | 区分大小写的正则匹配 | 3 |
| ~* | 不区分大小写的正则匹配 | 3 |
| / | 通用匹配,任何请求都会匹配到 | 4 |
3.优先级验证 – #了解
[root@web01 ~]# vim /etc/nginx/conf.d/mm2021.conf ###优先级验证
server
listen 80;
server_name linux12.test.com;
location /
default_type text/html; #文档字符
return 200 "location /";
location =/
default_type text/html;
return 200 "location =/";
location ~ /
default_type text/html;
return 200 "location ~/";
# location ^~ /
# default_type text/html;
# return 200 "location ^~";
#
4.Locaiton应用场景
# 通用匹配,任何请求都会匹配到
location /
...
# 严格区分大小写,匹配以.php结尾的都走这个location
location ~ \\.php$
...
# 严格区分大小写,匹配以.jsp结尾的都走这个location
location ~ \\.jsp$
...
# 不区分大小写匹配,只要用户访问.jpg,gif,png,js,css 都走这条location
location ~* .*\\.(jpg|gif|png|js|css)$
...
http://linux.test.com/1.PHP
http://linux.test.com/1.JPG
http://linux.test.com/1.jsp
http://linux.test.com/1.Gif
http://linux.test.com/1.PnG
http://linux.test.com/1.JsP
on ~/";
# location ^~ /
# default_type text/html;
# return 200 "location ^~";
#
4.Locaiton应用场景
# 通用匹配,任何请求都会匹配到
location /
...
# 严格区分大小写,匹配以.php结尾的都走这个location
location ~ \\.php$
...
# 严格区分大小写,匹配以.jsp结尾的都走这个location
location ~ \\.jsp$
...
# 不区分大小写匹配,只要用户访问.jpg,gif,png,js,css 都走这条location
location ~* .*\\.(jpg|gif|png|js|css)$
...
http://linux.test.com/1.PHP
http://linux.test.com/1.JPG
http://linux.test.com/1.jsp
http://linux.test.com/1.Gif
http://linux.test.com/1.PnG
http://linux.test.com/1.JsP
以上是关于Nginx搭建与部署 --04的主要内容,如果未能解决你的问题,请参考以下文章
Ubuntu 16.04下配置nginx与nodejs以及服务的部署
PHP如何搭建服务器环境 原生篇 | Ubuntu 18.04 + PHP8.1 + MySQL5.7 + Nginx 1.4
PHP如何搭建服务器环境 原生篇 | Ubuntu 18.04 + PHP8.1 + MySQL5.7 + Nginx 1.4