12.Nginx介绍，安装，配置默认虚拟主机，重定向

Posted 2020-10-27

[toc]

12.5 nginx介绍

官网：nginx.org

因为nginx处理静态文件的能力要比apache好很多，所以很多企业在建站的时候一般都是用java写的，然后会选择tomcat，但是tomcat处理静态文件的能力不是太好就会叠加选择nginx。

nginx特点：

体积小
处理能力强
并发高
可扩展性好
Nginx应用场景：

web服务
反向代理
负载均衡
Nginx著名分支，淘宝基于Nginx开发的Tengine，使用上和Nginx一致，服务名，配置文件名都一样，和Nginx的最大区别在于Tenging增加了一些定制化模块，在安全限速方面表现突出，另外它支持对js，css合并
Nginx核心+lua(开发语言)相关的组件和模块组成了一个支持lua的高性能web容器openresty，参考http://jinnianshilongnian.iteye.com/blog/2280928 

12.6 下载配置安装Nginx

1.下载解压

[[email protected] php-5.6.30]# cd /usr/local/src
[[email protected] src]# wget http://nginx.org/download/nginx-1.12.1.tar.gz
[[email protected] src]# tar zvxf nginx-1.12.1.tar.gz

2.进入安装源码包，配置，make&make install

[[email protected] src]# cd nginx-1.12.1/
[[email protected] nginx-1.12.1]# ./configure --prefix=/usr/local/nginx

Nginx目录,四个目录： conf ， html ， logs ， sbin

• [ ] conf：nginx配置文件

• [ ] html：主页样例文件

• [ ] logs：站点日志

• [ ] sbin：核心进程文件

[[email protected] nginx-1.12.1]# ls /usr/local/nginx
conf  html  logs  sbin

[[email protected] nginx-1.12.1]# ls /usr/local/nginx/conf
fastcgi.conf            koi-utf             nginx.conf           uwsgi_params
fastcgi.conf.default    koi-win             nginx.conf.default   uwsgi_params.default
fastcgi_params          mime.types          scgi_params          win-utf
fastcgi_params.default  mime.types.default  scgi_params.default

[[email protected] nginx-1.12.1]# ls /usr/local/nginx/html
50x.html  index.html

[[email protected] nginx-1.12.1]# ls /usr/local/nginx/logs/

[[email protected] nginx-1.12.1]# ls /usr/local/nginx/sbin/
nginx
[[email protected] nginx-1.12.1]# ls /usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/nginx

测试配置语法错误nginx -t

[[email protected] nginx-1.12.1]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

3.Nginx配置

3.1 制作启动脚本

[[email protected] nginx-1.12.1]# vim /etc/init.d/nginx
//增加以下内容：

#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start() 
{
    echo -n $"Starting $prog: "
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}
stop() 
{
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    rm -rf /dev/shm/nginx_temp
    RETVAL=$?
    echo
    return $RETVAL
}
reload()
{
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}
restart()
{
    stop
    start
}
configtest()
{
    $NGINX_SBIN -c $NGINX_CONF -t
    return 0
}
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  reload)
        reload
        ;;
  restart)
        restart
        ;;
  configtest)
        configtest
        ;;
  *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
esac
exit $RETVAL

3.2 更改权限

chmod 755 /etc/init.d/nginx

3.3 配置开机启动

chkconfig --add nginx

chkconfig nginx on

[[email protected] nginx-1.12.1]# chmod 755 /etc/init.d/nginx

[[email protected] nginx-1.12.1]# chkconfig --add nginx

[[email protected] nginx-1.12.1]# chkconfig nginx on

3.4 编辑配置文件

cd /usr/local/nginx/conf/

mv nginx.conf nginx.conf.bak //不使用系统自带的配置模板，把自带的备份下

vim nginx.conf
//拷贝如下配置文件：

user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip ‘$remote_addr $http_x_forwarded_for [$time_local]‘
    ‘ $host "$request_uri" $status‘
    ‘ "$http_referer" "$http_user_agent"‘;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        location ~ \.php$ 
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }    
    }
}

3.5 配置详解：

参考文章：http://www.okay686.cn/510.html

user nobody nobody; 运行服务的用户是谁

worker_processes 2;定义子进程的数量

worker_rlimit_nofile
51200;最多可以打开多少个文件

worker_connections 6000;允许最大的连接数

server; 下面对应的就是虚拟主机配置

server_name localhost;定义网站的域名

root /usr/local/nginx/html;定义网站的根目录

location ~ .php$;配置解析PHP

fastcgi_pass unix:/tmp/php-fcgi.sock;监听端口或者监听socket，通过此命令去执行

fastcgi_pass 127.0.0.1:9000;（或者携程这种方式，服务器IP地址+端口）

3.6 启动nginx服务

[[email protected] conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[[email protected] conf]# /etc/init.d/nginx start
Starting nginx (via systemctl):                            [  确定  ]
[[email protected] conf]# ps aux |grep nginx
root     124541  0.0  0.0  20500   628 ?        Ss   00:11   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody   124542  0.0  0.1  25028  3508 ?        S    00:11   0:00 nginx: worker process
nobody   124543  0.0  0.1  25028  3248 ?        S    00:11   0:00 nginx: worker process
root     124553  0.0  0.0 112680   976 pts/0    S+   00:11   0:00 grep --color=auto nginx

3.7 curl localhost //本地测试 nginx

vim /usr/local/nginx/html/1.php //编辑一个测试php页面

[[email protected] conf]# curl localhost/1.php
this is nginx test page[[email protected] conf]# 

12.7 Nginx默认虚拟主机

在Nginx中也有默认虚拟主机，跟httpd类似，第一个被Nginx加载的虚拟主机就是默认主机，但和httpd不相同的地方是，它还有一个配置用来标记默认虚拟主机，也就是说，如果没有这个标记，第一个虚拟主机为默认虚拟主机。

1.编辑修改配置文件nginx.conf,增加一句： include vhost/*.conf;

[[email protected] ~]# cd /usr/local/nginx/conf/
[[email protected] conf]# vim /usr/local/nginx/conf/nginx.conf
 加入这行：include vhost/*.conf;

加入这行，意思是/usr/local/nginx/conf/vhost/下面所有以.conf结尾的文件都会加载，这样可以把所有虚拟主机配置文件放到vhost目录下面了

2.把server的定义删除，为方便后续实验

3.创建一个vhost的子目录

[[email protected] conf]# pwd
/usr/local/nginx/conf
[[email protected] conf]# mkdir vhost
[[email protected] conf]# cd vhost/
[[email protected] vhost]# ls

[[email protected] vhost]# vim aaa.com.conf

4 创建创建vhost目录及配置文件and虚拟server

有这个default_server标记的就是默认虚拟主机

server
    {
        listen 80 default_server; //有这个default_server标记的就是默认虚拟主机
        server_name aaa.com;
        index index.html index.htm index.php;
        root /data/wwwroot/default;
    }

5. 创建测试页面 index.html

[[email protected] vhost]# cd /data/wwwroot/default/
[[email protected] default]# ls
[[email protected] default]# vim index.html
[[email protected] default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

6. 重载并测试

[[email protected] default]# /usr/local/nginx/sbin/nginx -s reload
[[email protected] default]# curl localhost
this is the default site.

7.访问aaa.com,访问没有定义过的域名，也会访问到aaa.com

[[email protected] default]# curl -x127.0.0.1:80 aaa.com
this is the default site.
[[email protected] default]# curl -x127.0.0.1:80 bbb.com
this is the default site.
[[email protected] default]# curl -x127.0.0.1:80 bbcb.com
this is the default site.
[[email protected] default]# tail /usr/local/nginx/conf/nginx.conf
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;
    include vhost/*.conf;
}

12.8 Nginx用户认证

1. 再创建一个新的虚拟主机

[[email protected] default]# cd /usr/local/nginx/conf/vhost/
[[email protected] vhost]# vim test.com.conf

server
{
   listen 80;                  
   server_name test.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com;

   location /     //用户认证等信息
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;  //密码文件
     }
}

2. yum install -y httpd //安装httpd,也可以使用之前编译安装的apache2.4

[[email protected] vhost]# htpasswd -c /usr/local/nginx/conf/htpasswd xavi //创建xavi用户
New password: 
Re-type new password: 
Adding password for user xavi

Apache方法：# /usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/htpasswd xavi

再次创建一个新用户，不用再用-c了

[[email protected] vhost]# htpasswd /usr/local/nginx/conf/htpasswd user1
New password:

• 查看密码文件

  [[email protected] vhost]# cat /usr/local/nginx/conf/htpasswd
  xavi:$apr1$mzzjFU/B$/il2XbQfytr2RPw/LuRdH0
  user1:$apr1$2tDxaHTk$Imu4zmH68YrUtK0h7l2.p.

  3.测试并重载配置

/usr/local/nginx/sbin/nginx -t

/usr/local/nginx/sbin/nginx -s reload

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload

4.总结：两句核心配置语句，auth_basic打开认证，auth_basic_user_file指定用户密码文件。生成密码工具需要借助apache的htpasswd。Nginx不自带这个工具。

5.使用curl命令来验证

[[email protected] vhost]# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.1
Date: Wed, 14 Mar 2018 13:47:04 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
//401状态码，说明访问需要验证

6.用户认证测试主机

[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>

报错404，找到原料文件路径并未创建

[[email protected] vhost]# ls /data/nginx/test.com/
ls: 无法访问/data/nginx/test.com/: 没有那个文件或目录
[[email protected] vhost]# mkdir -p /data/nginx/test.com
[[email protected] vhost]# echo "test.com" > /data/nginx/test.com/index.html
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com

7.针对某个目录做用户认证，比如/admin,需要修改location后面的路径

有时候我们需要对某个访问目录或者页面进行认证，而不是全站。所以我们需要对配置文件进行更改：

[[email protected] vhost]# vim test.com.conf

server
{
   listen 80;
   server_name test.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com;

   location /admin/
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;
     }
}

[[email protected] vhost]# vim test.com.conf
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload

[[email protected] vhost]# curl -x127.0.0.1:80 test.com
test.com
[[email protected] vhost]# curl -x127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>

排故过程：对摸个目录做用户认证，该目录是有效的路径，实际存在，且目录下的测试文档index.html下需要编辑一定内容，方便查看测试结果

[[email protected] vhost]# curl -x127.0.0.1:80 test.com
test.com
[[email protected] vhost]# curl -x127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com
[[email protected] vhost]# mkdir /data/nginx/test.com/admin
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# echo "test admin dir" > /data/nginx/test.com/admin/index.html
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
test admin dir

8. 针对某个特殊页面进行认证：

   location ~ admin.php
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;
     }
}

* 重载配置文件 -t&-reload

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload

测试

[[email protected] vhost]# curl -x127.0.0.1:80 test.com/admin/
test admin dir

排查错误：找到原因是没有创建admin.php文件

[[email protected] vhost]# curl -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# vim /data/nginx/test.com/admin.php
[[email protected] vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<?php
echo "this is a test for admin.php";

12.9 Nginx域名重定向

Nginx的域名重定向与httpd类似，但更容易理解
只要Apache能实现的功能，Nginx也全部可以实现。不然也不会有那么多企业使用nginx服务。

当我们站点有多个域名的时候，权重降低了，但是之前的域名已经被一部分人所依赖了，也不可能去通知大家新的站点，所以我们就会选择一个主域名其它的均302跳转过来！

1. 配置atorreid.com.conf

vim atorreid.com.conf

server
{
    listen 80 default_server;
    server_name atorreid.com xavi.com abc.com;
    index index.html index.htm index.php;
    root /data/nginx/www.torreid.com;
    if ($host != ‘torreid.com‘ ) {
        rewrite  ^/(.*)$  http://torreid.com/$1  permanent;

     location /
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;
     }
}

在Nginx配置在，server_name后面可以跟多个域名，permanent为永久重定向，相当于httpd的R=301.另外还有一个常用的redirect,相当于httpd的R=302.

-t && -s reload 测试并重载配置

[[email protected] vhost]# curl -x127.0.0.1:80 www.atorreid.com/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.1
Date: Wed, 14 Mar 2018 15:03:15 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://torreid.com/index.html