下载nginx
[root@nginx ~]# wget -c https://nginx.org/download/nginx-1.24.0.tar.gz
[root@nginx ~]# tar zxf nginx-1.24.0.tar.gz
(注:解压前建议先用 nginx.org 同一下载目录提供的 .asc PGP 签名校验源码包,确认文件未被篡改。)
创建nginx用户
[root@nginx nginx-1.24.0]# useradd -s /sbin/nologin -M nginx
先安装依赖
dnf install gcc pcre-devel zlib-devel openssl-devel -y
[root@nginx nginx-1.24.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
注意:如果没有提前安装依赖,会报以下错误
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.
可以先一个个 dnf install pcre-devel -y
安装编译
make && make install
[root@nginx nginx-1.24.0]# ll
total 820
drwxr-xr-x 6 nginx nginx 4096 Aug 15 10:56 auto
-rw-r--r-- 1 nginx nginx 323312 Apr 11 2023 CHANGES
-rw-r--r-- 1 nginx nginx 494234 Apr 11 2023 CHANGES.ru
drwxr-xr-x 2 nginx nginx 168 Aug 15 10:56 conf
-rwxr-xr-x 1 nginx nginx 2611 Apr 11 2023 configure
drwxr-xr-x 4 nginx nginx 72 Aug 15 10:56 contrib
drwxr-xr-x 2 nginx nginx 40 Aug 15 10:56 html
-rw-r--r-- 1 nginx nginx 1397 Apr 11 2023 LICENSE
-rw-r--r-- 1 root root 438 Aug 15 11:02 Makefile
drwxr-xr-x 2 nginx nginx 21 Aug 15 10:56 man
drwxr-xr-x 3 root root 174 Aug 15 11:03 objs
-rw-r--r-- 1 nginx nginx 49 Apr 11 2023 README
drwxr-xr-x 9 nginx nginx 91 Aug 15 10:56 src
[root@nginx nginx-1.24.0]# cd objs/
[root@nginx objs]# ls
autoconf.err nginx ngx_auto_config.h ngx_modules.c src
Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
[root@nginx objs]# nginx
bash: nginx: command not found...
Install package 'nginx-core' to provide command 'nginx'? [N/y] n
# 启动nginx
[root@nginx objs]# ./nginx
[root@nginx objs]# ps aux | grep nginx
root 42828 0.0 0.0 9836 928 ? Ss 11:39 0:00 nginx: master process ./nginx
nginx 42829 0.0 0.1 13724 4844 ? S 11:39 0:00 nginx: worker process
root 42834 0.0 0.0 221664 2168 pts/0 S+ 11:40 0:00 grep --color=auto nginx
关闭nginx
[root@nginx objs]# /usr/local/nginx/sbin/nginx -s stop
[root@nginx objs]# ps aux | grep nginx
root 42837 0.0 0.0 221664 2352 pts/0 S+ 11:41 0:00 grep --color=auto nginx
删除nginx
[root@nginx objs]# rm -rf /usr/local/nginx/
[root@nginx objs]# make clean
不启用debug模块
[root@nginx nginx-1.24.0]# vim auto/cc/gcc
nginx软件的执行路径添加到环境变量中
[root@nginx ~]# vim ~/.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
[root@nginx ~]# source ~/.bash_profile
[root@nginx ~]# nginx
看nginx软件的大小
[root@nginx ~]# du -sh /usr/local/nginx/sbin/nginx
5.5M /usr/local/nginx/sbin/nginx
改变服务版本信息
[root@nginx ~]# cd /usr/local/nginx/conf/
[root@nginx conf]# vim nginx.conf
[root@nginx conf]# curl -I 192.168.136.100
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Thu, 15 Aug 2024 03:52:15 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 03:03:35 GMT
Connection: keep-alive
ETag: "66bd7007-267"
Accept-Ranges: bytes
平滑升级和平滑回滚
下载高版本的
将echo-nginx-module-0.63.tar.gz 上传到本地家目录下
开始编译新版本
[root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --add-module=/root/echo-nginx-module-0.63 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
只要make无需要make install
[root@nginx nginx-1.26.2]# make
查看两个版本
[root@nginx nginx-1.26.2]# ll objs/nginx /usr/local/nginx/sbin/nginx
-rwxr-xr-x 1 root root 6177456 Aug 15 13:06 objs/nginx
-rwxr-xr-x 1 root root 5679504 Aug 15 11:03 /usr/local/nginx/sbin/nginx
把之前的旧版的nginx命令备份
[root@nginx nginx-1.26.2]# cd /usr/local/nginx/sbin/
[root@nginx sbin]# ll
total 5548
-rwxr-xr-x 1 root root 5679504 Aug 15 11:03 nginx
[root@nginx sbin]# mv nginx nginx.old
把新版本的nginx命令复制过去
[root@nginx sbin]# \cp -f /root/nginx-1.26.2/objs/nginx /usr/local/nginx/sbin/
检测一下有没有问题
[root@nginx sbin]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx sbin]# nginx -s restart
(注:nginx -s 只支持 stop、quit、reopen、reload 四种信号,没有 restart;这条命令会报 invalid option 错误,实际不起作用。)
[root@nginx sbin]# nginx
[root@nginx sbin]# ps aux | grep nginx
root 47861 0.0 0.0 9836 932 ? Ss 13:48 0:00 nginx: master process nginx
nginx 47862 0.0 0.1 13724 4816 ? S 13:48 0:00 nginx: worker process
root 47864 0.0 0.0 221664 2272 pts/0 S+ 13:48 0:00 grep --color=auto nginx
[root@nginx sbin]# kill -USR2 47861
[root@nginx sbin]# ps aux | grep nginx
root 47861 0.0 0.0 9836 3196 ? Ss 13:48 0:00 nginx: master process nginx
nginx 47932 0.0 0.1 13736 4956 ? S 14:05 0:00 nginx: worker process
root 47939 0.0 0.1 9872 5952 ? S 14:06 0:00 nginx: master process nginx
nginx 47940 0.0 0.1 13760 4736 ? S 14:06 0:00 nginx: worker process
root 47942 0.0 0.0 221664 2256 pts/0 S+ 14:06 0:00 grep --color=auto nginx
#回收旧版本
[root@nginx sbin]# kill -WINCH 47861
#检测版本信息
[root@nginx sbin]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Thu, 15 Aug 2024 06:07:15 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 03:03:35 GMT
Connection: keep-alive
ETag: "66bd7007-267"
Accept-Ranges: bytes
#平滑回滚
[root@nginx sbin]# kill -HUP 47861
隐藏
[root@nginx nginx]# vim /root/nginx-1.26.2/src/core/nginx.h
Nginx 核心配置详解
[root@nginx conf]# vim nginx.conf
[root@nginx conf]# nginx -g "worker_processes 6;"
[root@nginx conf]# ps aux | grep nginx
root 48272 0.0 0.0 9872 940 ? Ss 16:10 0:00 nginx: master process nginx -g worker_processes 6;
nginx 48273 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48274 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48275 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48276 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48277 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48278 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
root 48280 0.0 0.0 221664 2328 pts/0 S+ 16:10 0:00 grep --color=auto nginx
写启动文件
[root@nginx conf]# vim /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@nginx conf]# systemctl daemon-reload
[root@nginx conf]# nginx -s stop
[root@nginx conf]# ps aux | grep nginx
root 48382 0.0 0.0 221664 2268 pts/0 S+ 16:19 0:00 grep --color=auto nginx
[root@nginx conf]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@nginx conf]# ps aux | grep nginx
root 48411 0.0 0.0 9872 944 ? Ss 16:20 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 48412 0.0 0.1 13772 4824 ? S 16:20 0:00 nginx: worker process
root 48414 0.0 0.0 221664 2196 pts/0 S+ 16:20 0:00 grep --color=auto nginx
将Nginx工作进程绑定到指定的CPU核心
worker_cpu_affinity 将Nginx工作进程绑定到指定的CPU核心,默认Nginx是不进行进程绑定的,绑定并不是意味着当前nginx进 程独占以一核心CPU,但是可以保证此进程不运行在其他核心上,这就极大减少了nginx的工作进程在不同的 cpu核心上的来回跳转,减少了CPU对进程的资源分配与回收以及内存管理等,因此可以有效的提升nginx服务 器的性能。
user nginx; #启动Nginx工作进程的用户
worker_processes 4; #启动Nginx工作进程的数量,一般设为和CPU核心数相同
worker_cpu_affinity 0001 0010 0100 1000;
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
实现 nginx 的高并发配置
修改pam限制
查看ulimit
[root@nginx conf]# sudo -u nginx ulimit -n
1024
[root@nginx conf]# vim /etc/security/limits.conf
设置单个工作进程的最大并发连接数
测试访问
[root@nginx conf]# ab -n 100 -c 50 http://192.168.136.100/index.html
This is ApacheBench, Version 2.3 <$Revision: 1879490 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.136.100 (be patient).....done

Server Software: nginx/1.26.2
Server Hostname: 192.168.136.100
Server Port: 80

Document Path: /index.html
Document Length: 615 bytes

Concurrency Level: 50
Time taken for tests: 0.006 seconds
Complete requests: 100
Failed requests: 0
Total transferred: 84800 bytes
HTML transferred: 61500 bytes
Requests per second: 15444.02 [#/sec] (mean)
Time per request: 3.237 [ms] (mean)
Time per request: 0.065 [ms] (mean, across all concurrent requests)
Transfer rate: 12789.58 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   0.4      1       2
Processing:     0    1   1.0      1       4
Waiting:        0    1   1.1      1       4
Total:          1    2   1.3      2       5

Percentage of the requests served within a certain time (ms)
  50%      2
  66%      2
  75%      2
  80%      2
  90%      5
  95%      5
  98%      5
  99%      5
 100%      5 (longest request)
新建一个 PC web 站点
配置子配置文件(可选),在主配置文件添加一行
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
[root@nginx ~]# mkdir -p /usr/local/nginx/conf.d
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    # Name-based virtual host for www.jieyu.org; documents come from /data/web/html.
    listen      80;
    server_name www.jieyu.org;
    root        /data/web/html;
    index       index.html;
}
[root@nginx ~]# mkdir -p /data/web/html
[root@nginx ~]# echo www.jieyu.org > /data/web/html/index.html
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
^C
[root@nginx ~]# nginx -s reload
修改C:\Windows\System32\drivers\etc\hosts 添加以下解析
192.168.136.100 www.jieyu.org
测试访问
root 与 alias
root:指定web的家目录,在定义location的时候,文件的绝对路径等于 root+location
root示例:
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    listen      80;
    server_name www.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # With "root" the file path is root + request URI, so /test1/index.html
    # is read from /data/web/test1/index.html.
    location /test1 {
        root /data/web;
    }
}
[root@nginx ~]# mkdir -p /data/web/test1
[root@nginx ~]# echo /data/web/test1 > /data/web/test1/index.html
[root@nginx ~]# nginx -s reload
测试
alias:定义路径别名,会把访问的路径重新定义到其指定的路径,文档映射的另一种机制;仅能用于 location上下文,此指令使用较少
server {
    listen      80;
    server_name www.jieyu.org;
    root        /data/web/html;
    index       index.html;

    location /test1 {
        root /data/web;
    }

    # With "alias" the matched location prefix is replaced by the alias path,
    # so /test2/index.html is read from /data/web/test1/index.html.
    # NOTE(review): the prefix has no trailing slash, so /test2abc also matches
    # and maps to /data/web/test1abc; ending both the location and the alias
    # with "/" keeps the mapping inside the intended directory.
    location /test2 {
        alias /data/web/test1;
    }
}
location 的详细使用
在一个server中location配置段可存在多个,用于实现从uri到文件系统的路径映射;
nginx会根据用户请求的URI来检查定义的所有location,按一定的优先级找出一个最佳匹配,而后应用其配置。在没有使用正则表达式的时候,nginx会先在server中的多个location选取匹配度最高的一个uri(uri是用户请求的字符串,即域名后面的web文件路径),然后使用该location模块中的正则url和字符串,如果匹配成功就结束搜索,并使用此location处理此请求。
匹配以html或者yu结尾
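# Regex location for URIs that end in ".html" or ".yu".
# The dot is escaped so that it matches a literal "."; an unescaped "." matches
# any character, so a URI such as /xhtml would also be handled by this block.
location ~ \.(html|yu)$ {
    root /data/web1;
}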
[root@nginx test]# pwd
/data/web1/test
[root@nginx web]# mkdir -p /data/web{1..5}/test
[root@nginx web]# echo web1 > /data/web1/test/index.html
[root@nginx web]# echo web2 > /data/web2/test/index.html
[root@nginx web]# echo web3 > /data/web3/test/index.html
[root@nginx web]# echo web4 > /data/web4/test/index.html
[root@nginx web]# echo web5 > /data/web5/test/index.html
文件和目录的优先级不一样
创建默认认证文件
[root@nginx ~]# htpasswd -cm /usr/local/nginx/.htpasswd yujie # -c 会覆盖之前的用户
New password:
Re-type new password:
Adding password for user yujie
[root@nginx ~]# htpasswd -m /usr/local/nginx/.htpasswd admin
[root@nginx ~]# cat /usr/local/nginx/.htpasswd
yujie:$apr1$lqNM/m0v$1E.lLVqwHTc8Ji6UWNfJL.
admin:$apr1$OaJ1Hrgx$kRH2x6iOMt.DN97QrgQYd0
(注:.htpasswd 中保存的是密码哈希,文件应只允许 root 和 nginx 工作进程用户读取,并且不要放在任何站点的 root 目录下。)
[root@nginx ~]# mkdir /data/web/yu
[root@nginx ~]# echo yu > /data/web/yu/index.html
加用户认证
server {
    listen      80;
    server_name www.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # /yu/... is served from /data/web/yu and requires HTTP Basic credentials
    # that match an entry in the htpasswd file below.
    # NOTE(review): this vhost listens on plain HTTP only, and Basic auth sends
    # the user name and password base64-encoded (not encrypted) with every
    # request; put this location behind TLS before using real credentials.
    location /yu {
        root                 /data/web;
        auth_basic           "login password !!";
        auth_basic_user_file "/usr/local/nginx/.htpasswd";
    }
}
用户认证
自定义错误页
server {
    listen      80;
    server_name www.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # Any 404 produced by this server is answered with /40x.html.
    error_page 404 /40x.html;

    location /yu {
        root                 /data/web;
        auth_basic           "login password !!";
        auth_basic_user_file "/usr/local/nginx/.htpasswd";
    }

    # Exact-match location that serves the error page from /data/web/errorpage.
    location = /40x.html {
        root /data/web/errorpage;
    }
}
[root@nginx ~]# mkdir -p /data/web/errorpage
[root@nginx ~]# echo error page > /data/web/errorpage/40x.html
[root@nginx ~]# nginx -s reload
自定义错误日志与访问日志
[root@nginx ~]# mkdir /var/log/jieyu.org/
[root@nginx ~]# nginx -s reload
[root@nginx ~]# cat /var/log/jieyu.org/access.log
192.168.136.1 - admin [16/Aug/2024:14:33:02 +0800] "GET /yu/ HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0"
[root@nginx ~]# cat /var/log/jieyu.org/error.log
2024/08/16 14:34:13 [error] 2019#0: *19 open() "/data/web/yua" failed (2: No such file or directory), client: 192.168.136.1, server: www.jieyu.org, request: "GET /yua HTTP/1.1", host: "www.jieyu.org"
检测文件是否存在
try_files会按顺序检查文件是否存在,返回第一个找到的文件或文件夹(结尾加斜线表示为文件夹),如果所有文件或文件夹都找不到,会进行一个内部重定向到最后一个参数。只有最后一个参数可以引起一 个内部重定向,之前的参数只设置内部URI的指向。最后一个参数是回退URI且必须存在,否则会出现内部500错误。
示例: 如果不存在页面, 就转到default.html页面
[root@nginx ~]# rm -rf /data/web/html/index.html
[root@nginx ~]# mkdir /data/web/html/error
[root@nginx ~]# echo error default > /data/web/html/error/default.html
长连接配置
长连接的测试工具
[root@nginx ~]# dnf install telnet -y
设定保持连接超时时长,0表示禁止长连接
让客户看到60s 实际65s
作为下载服务器配置
[root@nginx ~]# mkdir /data/web/download
[root@nginx ~]# dd if=/dev/zero of=/data/web/download/yufile bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.0395786 s, 2.6 GB/s
测试
nginx的状态页面
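server {
    listen      80;
    server_name status.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # Status page: connection and request counters from stub_status.
    # The comment now sits on its own line; written on one line, the inline
    # comment after "allow" swallowed "deny all;" and the closing brace, which
    # would have left the page without its deny rule.
    location /status {
        stub_status;
        # only this client address may read the status page
        allow 192.168.136.1;
        deny  all;
    }
}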
更改 C:\Windows\System32\drivers\etc\hosts 文件
192.168.136.100 status.jieyu.org
因为指定了让192.168.136.1看 所以只能浏览器看
Nginx 压缩功能
Nginx支持对指定类型的文件进行压缩然后再传输给客户端,而且压缩还可以设置压缩比例,压缩后的文件大小将比源文件显著变小,这样有助于降低出口带宽的利用率,降低企业的IT支出,不过会占用相应的CPU资源。
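[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
# One directive per line: with everything on a single line, each inline comment
# swallowed the directives that followed it.

# Turn gzip compression on (it is off by default).
gzip on;
# Compression level from 1 (lowest) to 9 (highest); default 1. A higher level
# gives a smaller response.
gzip_comp_level 4;
# Responses smaller than this are not compressed.
gzip_min_length 1k;
# Minimum HTTP version of a request for compression to apply; default 1.1.
gzip_http_version 1.1;
# Add "Vary: Accept-Encoding" to compressed responses; usually recommended.
gzip_vary on;
# MIME types to compress. text/html is always compressed and does not need to
# be listed.
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/gif image/png;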
制作大文件,小文件
[root@nginx ~]# echo hello jieyu > /data/web/html/small.html
[root@nginx ~]# du -sh /usr/local/nginx/logs/access.log
24K /usr/local/nginx/logs/access.log
[root@nginx ~]# cat /usr/local/nginx/logs/access.log > /data/web/html/big.html
Nginx Rewrite 相关功能
[root@nginx ~]# vim /etc/hosts
192.168.136.100 var.jieyu.org
server {
    listen      80;
    server_name var.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # Prints nginx built-in variables for the current request, one per line,
    # using the "echo" directive from the echo-nginx-module.
    location /var {
        default_type text/html;

        echo $remote_addr;
        echo $args;
        echo $is_args;
        echo $document_root;
        echo $document_uri;
        echo $host;
        echo $remote_port;
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
        echo $server_protocol;
        echo $server_addr;
        echo $server_name;
        echo $server_port;
        echo $http_user_agent;
        echo $http_cookie;
        echo $cookie_key2;
    }
}
测试:
(注:下面的 URL 没有加引号,shell 会把 && 当作命令分隔符,所以 nginx 只收到 name=lee;要传多个参数应给 URL 加引号并用单个 & 分隔。)
[root@nginx ~]# curl -b "key1=yu,key2=yu1" -u yu:123 var.jieyu.org/var?name=lee&&id=6666
192.168.136.100
name=lee
?
/data/web/html
/var
var.jieyu.org
48482
yu
GET
/data/web/html/var
/var?name=lee
http
HTTP/1.1
192.168.136.100
var.jieyu.org
80
curl/7.76.1
key1=yu,key2=yu1
yu1
nginx自定义变量
server {
    listen      80;
    server_name var.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # "set" defines a custom variable; "echo" writes it to the response body.
    location /var {
        default_type text/html;
        set  $jieyu jie;
        echo $jieyu;
    }
}
测试
[root@nginx ~]# curl var.jieyu.org/var
jie
if 判定指令
测试文件是否存在
[root@nginx test2]# cat /usr/local/nginx/conf.d/yu.conf
server {
    listen      80;
    server_name var.jieyu.org;
    root        /data/web/html;
    index       index.html;

    location /test2 {
        # "!-e" is true when the mapped path does not exist as a file,
        # directory or symbolic link.
        if ( !-e $request_filename ) {
            echo "$request_filename is not exist";
        }
    }
}
测试
#没文件
[root@nginx test2]# nginx -s reload
[root@nginx test2]# curl var.jieyu.org/test2/index.html
/data/web/html/test2/index.html is not exist
#有文件
[root@nginx test2]# echo test2 > /data/web/html/test2/index.html
[root@nginx test2]# curl var.jieyu.org/test2/index.html
test2
break指令
location /break {
    default_type text/html;

    set  $name yu;
    echo $name;

    # "break" stops the remaining rewrite-module directives in this location,
    # so for this exact User-Agent the "set $id" below is never executed.
    if ( $http_user_agent = "curl/7.76.1" ) {
        break;
    }

    set  $id 666;
    echo $id;
}
测试
[root@nginx test2]# nginx -s reload
[root@nginx test2]# curl var.jieyu.org/break
yu
[root@nginx test2]# curl -A "firefox" var.jieyu.org/break
yu
666
return指令
location /return {
    default_type text/html;

    # Send a permanent redirect when the requested path does not exist;
    # otherwise fall through to the echo below.
    if ( !-e $request_filename ) {
        return 301 http://www.baidu.com;
    }

    echo "$request_filename is exist";
}
测试
[root@nginx test2]# nginx -s reload
[root@nginx test2]# curl -I var.jieyu.org/return
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Date: Sun, 18 Aug 2024 03:55:35 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://www.baidu.com
[root@nginx test2]# mkdir -p /data/web/html/return
[root@nginx test2]# curl -I var.jieyu.org/return
HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Sun, 18 Aug 2024 03:56:26 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
rewrite 临时和永久
永久重定向301:域名永久型调整,即域名永远跳转至另外一个新的域名,之前的域名再也不使用,跳转记录可以缓存到客户端浏览器
永久重定向会缓存DNS解析记录, 浏览器中有 from disk cache 信息,即使nginx服务器无法访问,浏览器也会利用缓存进行重定向
location /rewrite {
    root  /data/web/var;
    index index.html;

    # "permanent" answers with a 301 redirect to the new site.
    rewrite / http://www.jieyu.com permanent;
}
测试
临时重定向302:域名临时重定向,告诉浏览器域名不是固定重定向到当前目标域名,后期可能随时会更改,因此浏览器 不会缓存当前域名的解析记录,而浏览器会缓存永久重定向的DNS解析记录,这也是临时重定向与永久重定向最大的本质区别。
即当nginx服务器无法访问时,浏览器不能利用缓存,而导致重定向失败
location /rewrite {
    root  /data/web/var;
    index index.html;

    # "redirect" answers with a 302 (temporary) redirect to the new site.
    rewrite / http://www.jieyu.com redirect;
}
测试
rewrite 案例: break 与 last
创建html文件
[root@nginx ~]# mkdir /data/web/html/{test1,test2,break,last} -p
[root@nginx ~]# echo test1 > /data/web/html/test1/index.html
[root@nginx ~]# echo test2 > /data/web/html/test2/index.html
[root@nginx ~]# echo last > /data/web/html/last/index.html
[root@nginx ~]# echo break > /data/web/html/break/index.html
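server {
    listen      80;
    server_name var.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # Two chained rewrites with no flag: /break/x -> /test1/x -> /test2/x.
    location /break {
        rewrite ^/break/(.*) /test1/$1;
        rewrite ^/test1/(.*) /test2/$1;
    }

    # Same chain for /last/x; the "break" / "last" flags are compared on top
    # of these two locations.
    location /last {
        rewrite ^/last/(.*) /test1/$1;
        rewrite ^/test1/(.*) /test2/$1;
    }

    location /test1 {
        # Fixed typo: "test/html" is not a MIME type, so the echoed text would
        # not be handled as HTML by a browser.
        default_type text/html;
        echo "jieyu hahahahahha";
    }

    location /test2 {
        root /data/web/html;
    }
}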
测试
当加入break之后
当加入last之后
rewrite案例: 自动跳转 https
案例:基于通信安全考虑公司网站要求全站 https,因此要求将在不影响用户请求的情况下将http请求全 部自动跳转至 https,另外也可以实现部分 location 跳转
[root@nginx ~]# mkdir -p /usr/local/nginx/certs
[root@nginx ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/jieyu.org.key -x509 -days 365 -out /usr/local/nginx/certs/jieyu.org.crt
.+.....+....+.....+.+...+........+....+....................+.+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+.....+....+........+...+.+...+...............+...+...+..............+.+......+.........+............+..+.+......+.....+...+.........................................................+...+.+..+.......+...+.....+...+.+...+...+..+............+.+.........+........+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+........+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+.....+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.........+...+...+.+...+..........................+.......+..............+....+............+............+...........+.+........+.+...........+.+..+...+...+..........+..+.........+......+....+...+........+...+.+......+.....+....+...+......+...........+.+...+......+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Jiangsu
Locality Name (eg, city) [Default City]:nanjing
Organization Name (eg, company) [Default Company Ltd]:jieyu
Organizational Unit Name (eg, section) []:webserver
Common Name (eg, your name or your server's hostname) []:www.jieyu.org
Email Address []:admin@jieyu.com
(注:-nodes 生成的私钥未加密,应确认 jieyu.org.key 仅 root 可读,例如 chmod 600;自签名证书仅适用于测试环境。)
编辑配置
vim /usr/local/nginx/conf.d/vhosts.conf
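server {
    listen      80;
    listen      443 ssl;
    server_name www.jieyu.org;
    root        /data/web/html;
    index       index.html;

    ssl_certificate     /usr/local/nginx/certs/jieyu.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/jieyu.org.key;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    location / {
        # Redirect plain-HTTP requests to HTTPS with a 302, as before.
        # $request_uri keeps the original path and query string, so the user
        # lands on the page that was requested instead of the site root.
        # $server_name is used instead of $host because $host can come from the
        # client's Host header and would let the client choose the redirect
        # target.
        if ( $scheme = http ) {
            return 302 https://$server_name$request_uri;
        }
    }
}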
测试: 输入http://www.jieyu.org
案例:防盗链
放图片
[root@nginx html]# mkdir /data/web/html/images
[root@nginx images]# ls
123.jpg
将盗链图片放在/data/web/html下
实现盗链
在一个web 站点盗链另一个站点的资源信息,比如:图片、视频等
假设有个192.168.136.128的web服务器偷图
[root@client ~]# cat /var/www/html/index.html
<html><head><meta http-equiv=Content-Type content="text/html;charset=utf-8"><title>盗链</title>
</head><body><img src="http://www.jieyu.org/images/nginx.jpg" ><h1 style="color:red">欢迎大家</h1><p><a href=http://www.jieyu.org>狂点老鱼</a>出门见喜</p></body></html>
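location /images {
    # Referers treated as valid: no Referer header (none), a Referer whose
    # value was stripped by a proxy or firewall (blocked), this server's own
    # names, *.jieyu.org, and any Referer matching the regex \.baidu\.
    # The regex is tested against the text after "http://" or "https://".
    # The dots are escaped with backslashes; the previous "~/.baidu/." required
    # literal slashes around "baidu" and did not match www.baidu.com.
    # NOTE(review): the Referer header is set by the client, so this reduces
    # hotlinking but is not an access control.
    valid_referers none blocked server_names *.jieyu.org ~\.baidu\.;

    if ( $invalid_referer ) {
        rewrite ^/ http://www.jieyu.org/daolian.png;
    }
}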
如果从百度转过去 会有referer信息
验证两个域名的日志,是否会在被盗连的web站点的日志中出现以下盗链日志信息:
实现防盗链
全站限制
发现图片裂了,网址也访问不了
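location /images {
    # Referers treated as valid: no Referer header (none), a Referer whose
    # value was stripped by a proxy or firewall (blocked), this server's own
    # names, *.jieyu.org, and any Referer matching the regex \.baidu\.
    # The regex is tested against the text after "http://" or "https://".
    # The dots are escaped with backslashes; the previous "~/.baidu/." required
    # literal slashes around "baidu" and did not match www.baidu.com.
    # NOTE(review): the Referer header is set by the client, so this reduces
    # hotlinking but is not an access control.
    valid_referers none blocked server_names *.jieyu.org ~\.baidu\.;

    if ( $invalid_referer ) {
        rewrite ^/ http://www.jieyu.org/daolian.png;
    }
}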
再次访问
NGINX 反向代理
ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理
ngx_http_upstream_module: #用于定义为proxy_pass,fastcgi_pass,uwsgi_pass等指令引用的后端服务器分组
ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理
ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器处理
ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理
动静分离
准备两台web服务器
在nginx主机上测试访问两台web主机
一台主机装php
[root@web1 ~]# yum install php -y
[root@web1 ~]# yum install httpd -y
[root@web1 ~]# cat /var/www/html/index.php
<?php
phpinfo();
?>
(注:phpinfo() 会暴露 PHP 版本、已加载模块和环境变量等信息,测试完成后应删除该页面。)
一台配置一个html页面
[root@nginx images]# cat /usr/local/nginx/conf.d/vhosts.conf
server {
    listen      80;
    server_name www.jieyu.org;

    # Dynamic content: requests ending in .php go to the PHP backend.
    location ~ \.php$ {
        proxy_pass http://192.168.136.128:80;
    }

    # Static content: everything under /static goes to the second backend.
    location /static {
        proxy_pass http://192.168.136.129:90;
    }
}
测试:
反向代理示例: 缓存功能
cache is king
压测
[root@nginx nginx]# ab -n1000 -c100 http://www.jieyu.org/static/index.html
每秒处理的请求量
开始缓存配置 (缓存功能默认关闭状态,需要先动配置才能启用)
[root@nginx images]# vim /usr/local/nginx/conf/nginx.conf
在http模块添加以下语句:
# http {} context: on-disk cache under /usr/local/nginx/proxy_cache with a
# 20m shared-memory key zone named "proxycache"; entries not accessed for 120s
# are removed, and the cache is capped at 1g.
proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;

server {
    listen      80;
    server_name www.jieyu.org;

    location ~ \.php$ {
        proxy_pass http://192.168.136.128:80;
    }

    location /static {
        proxy_pass        http://192.168.136.129:80;
        proxy_cache       proxycache;
        # NOTE(review): the key is the request URI only, without scheme or
        # host, so requests that differ only in the Host header share one cache
        # entry; confirm that is acceptable before reusing this zone for more
        # than one site.
        proxy_cache_key   $request_uri;
        proxy_cache_valid 200 302 301 10m;
        proxy_cache_valid any 1m;
    }
}
再次压测
刚刚配置生成的文件
http 反向代理负载均衡
需要有这些模块
# Backend pool: a server is taken out of rotation for 15s after 3 failed
# attempts; the "backup" server only receives traffic when the others are
# unavailable.
upstream webcluster {
    server 192.168.136.128:80 fail_timeout=15s max_fails=3;
    server 192.168.136.129:80 fail_timeout=15s max_fails=3;
    server 192.168.136.100:80 backup;
}

server {
    listen      80;
    server_name www.jieyu.org;

    location / {
        proxy_pass http://webcluster;
    }
}
测试
ip_hash
源地址hash调度方法,基于的客户端的remote_addr(源地址IPv4的前24位或整个IPv6地址)做hash计 算,以实现会话保持
加入ip_hash后
测试
hash $request_uri consistent; #基于用户请求的uri做hash
测试
对cookie进行hash
基于cookie中的sessionid这个key进行hash调度,实现会话绑定
测试
down 标记为down状态,可以平滑下线后端服务
测试
实现 Nginx 四层负载均衡
域名解析负载均衡
两台主机安装bind服务,并编辑配置文件
[root@web1 ~]# vim /etc/named.rfc1912.zones
...
zone "jieyu.org" IN {
    // Primary (master) zone; records are read from jieyu.org.zone.
    type master;
    file "jieyu.org.zone";
    // Dynamic DNS updates are refused for this zone.
    allow-update { none; };
};
...
[root@web1 named]# cat /var/named/jieyu.org.zone
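; Zone data for jieyu.org. The SOA timers are written one per line: on a single
; line each ";" comment swallowed the values that followed it.
$TTL 1D
@       IN SOA  ns.jieyu.org. root.jieyu.org. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      ns.jieyu.org.
ns      A       192.168.136.128
www     A       192.168.136.128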
传给另一台服务器
[root@web1 named]# scp -p /etc/named.{conf,rfc1912.zones} root@192.168.136.129:/etc/
root@192.168.136.129's password:
named.conf 100% 1712 1.3MB/s 00:00
named.rfc1912.zones 100% 1115 2.0MB/s 00:00
[root@web1 named]# scp -p /var/named/jieyu.org.zone root@192.168.136.129:/var/named/jieyu.org.zone
[root@web2 named]# chgrp named /var/named/jieyu.org.zone
实现 FastCGI
二进制下载nginx
[root@nginx nginx-1.24.0]# ./configure --prefix=/usr/local/nginx --add-module=/root/echo-nginx-module-0.63 --add-module=/root/memc-nginx-module-0.20 --add-module=/root/srcache-nginx-module-0.33 --user=nginx --group=nginx --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-pcre
[root@nginx nginx-1.24.0]# make && make install
二进制下载php
利用yum解决php依赖
[root@Nginx ~]# yum install -y bzip2 systemd-devel libxml2-devel sqlite-devel
libpng-devel libcurl-devel oniguruma-devel
oniguruma-devel 可能安装不了 去阿里下
[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
[root@nginx php-8.3.9]# make && make install
make && make install
php相关配置优化
[root@nginx php-8.3.9]# cd /usr/local/php/etc/
[root@nginx etc]# ls
php-fpm.conf.default php-fpm.d
[root@nginx etc]# cp -p php-fpm.conf.default php-fpm.conf
去掉注释
[root@nginx etc]# vim php-fpm.conf
pid = run/php-fpm.pid #指定pid文件存放位置
[root@nginx etc]# cd php-fpm.d/
[root@nginx php-fpm.d]# ls
www.conf.default
[root@nginx php-fpm.d]# cp www.conf.default www.conf -p
[root@nginx php-fpm.d]# vim www.conf
生成主配置文件
[root@nginx php-8.3.9]# cp php.ini-production /usr/local/php/etc/php.ini
[root@nginx ~]# cd /usr/local/php/etc/
[root@nginx etc]# vim php.ini
修改时区
生成启动文件
[root@nginx php-8.3.9]# cp sapi/fpm/php-fpm.service /lib/systemd/system
注释该内容
[root@nginx php-8.3.9]# systemctl daemon-reload
[root@nginx php-8.3.9]# systemctl start php-fpm.service
[root@nginx php-8.3.9]# netstat -launpt | grep php
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 147532/php-fpm: mas
添加php环境变量
[root@nginx php-8.3.9]# vim ~/.bash_profile
[root@nginx php-8.3.9]# source ~/.bash_profile
准备php测试页面
[root@nginx php-8.3.9]# mkdir /data/web/php -p
[root@nginx php-8.3.9]# cd /data/web/php
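[root@nginx php]# vim index.php
<?php
// Test page only: phpinfo() prints the PHP version, loaded modules and
// environment details, so remove this file once the setup is verified.
phpinfo();
?>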
Nginx配置转发
Nginx安装完成之后默认生成了与fastcgi的相关配置文件,一般保存在nginx的安装路径的conf目录当 中,比如/apps/nginx/conf/fastcgi.conf、/apps/nginx/conf/fastcgi_params。
在主配置文件添加子配置文件
[root@nginx php]# vim /usr/local/nginx/conf/nginx.conf
写nginx文件
[root@nginx ~]# mkdir /usr/local/nginx/conf.d
[root@nginx ~]# cd /usr/local/nginx/conf.d/
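[root@nginx conf.d]# vim vhosts.conf
server {
    listen      80;
    server_name www.jieyu.org;
    root        /data/web/html;
    index       index.html;

    # Requests ending in .php are handed to PHP-FPM on 127.0.0.1:9000.
    location ~ \.php$ {
        root          /data/web/php;
        # Pass the request on only when the script really exists under root;
        # otherwise answer 404 here. This stops URIs such as
        # /upload.jpg/x.php from reaching PHP-FPM and being resolved to a
        # non-PHP file.
        try_files     $uri =404;
        # The terminating ";" was missing here, which made nginx -t fail.
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        include       fastcgi.conf;
    }
}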
测试访问
php高速缓存
php的动态扩展模块(php的缓存模块)
安装memcache模块
[root@Nginx ~]# tar zxf memcache-8.2.tgz
[root@Nginx ~]# cd memcache-8.2/
[root@Nginx memcache-8.2]# yum install autoconf
[root@Nginx memcache-8.2]# phpize
Configuring for:
PHP Api Version: 20200930
Zend Module Api No: 20200930
Zend Extension Api No: 420200930
[root@Nginx memcache-8.2]# ./configure && make && make install
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/
[root@Nginx memcache-8.2]# ls /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/
memcache.so opcache.so
复制测试文件到nginx发布目录中
[root@Nginx ~]# cd memcache-8.2/
[root@Nginx memcache-8.2]# ls
autom4te.cache config.log configure.ac example.php Makefile.fragments
README
build config.m4 config.w32 include Makefile.objects runtests.php
config9.m4 config.nice CREDITS libtool memcache.la src
config.h config.status docker LICENSE memcache.php
tests
config.h.in configure Dockerfile Makefile modules
[root@Nginx memcache-8.2]# cp example.php memcache.php /data/web/php
[root@Nginx ~]# vim /data/php/memcache.php
配置php加载memcache模块
[root@Nginx ~]# vim /usr/local/php/etc/php.ini
[root@Nginx ~]# systemctl reload php-fpm
[root@Nginx no-debug-non-zts-20230831]# php -m | grep mem
memcache
部署memcached
[root@Nginx ~]# yum install memcached -y
[root@Nginx ~]# systemctl enable --now memcached.service
[root@Nginx ~]# netstat -antlupe | grep memcache
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN
976 1037243 186762/memcached
[root@Nginx ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
测试:
输入用户和密码
访问 http://php.timinglee.org/memcache.php 查看命中效果
性能对比
[root@apache20 ~]# ab -n500 -c10 http://www.jieyu.org/index.php
@@@内容忽略@@@
Concurrency Level: 10
Time taken for tests: 0.514 seconds
Complete requests: 500
Failed requests: 44
(Connect: 0, Receive: 0, Length: 44, Exceptions: 0)
[root@apache20 ~]# ab -n500 -c10 http://www.jieyu.org/example.php
@@@内容忽略@@@
Concurrency Level: 10
Time taken for tests: 0.452 seconds
Complete requests: 500
Failed requests: 0
部署方法
在我们安装的nginx中默认不支持memc和srcache功能,需要借助第三方模块来让nginx支持此功能,所以nginx需要重新编译
[root@Nginx ~]# vim /usr/local/nginx/conf.d/vhosts.conf
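# Connection pool to the local memcached instance.
upstream memcache {
    server 127.0.0.1:11211;
    keepalive 512;
}

server {
    listen      80;
    server_name www.jieyu.org;
    root        /data/web/php;

    # Internal-only location used by srcache to read from and write to
    # memcached; clients cannot request it directly.
    # Comments are on their own lines: on a single line each inline comment
    # swallowed the directives that followed it.
    location /memc {
        internal;
        memc_connect_timeout 100ms;
        memc_send_timeout    100ms;
        memc_read_timeout    100ms;
        # use the built-in $query_string as the memcached key
        set $memc_key $query_string;
        # cached entries expire after 300 seconds
        set $memc_exptime 300;
        memc_pass memcache;
    }

    location ~ \.php$ {
        root /data/web/php;
        # cache key for this request
        # NOTE(review): the key is URI + arguments only, so a response that
        # depends on cookies or on the logged-in user would be stored once and
        # served to every client; confirm the cached pages are not per-user.
        set $key $uri$args;
        # look the response up in memcached first
        srcache_fetch GET /memc $key;
        # store responses that were not cached yet
        srcache_store PUT /memc $key;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        include       fastcgi.conf;
    }
}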
[root@nginx memcache-8.2]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
测压
[root@nginx ~ ]# ab -n500 -c10 http://www.jieyu.org/index.php
nginx 二次开发版本
openresty
二进制安装
[root@nginx openresty]# ./configure --prefix=/usr/local/openresty --with-http_stub_status_module --with-http_gzip_static_module --with-http_sub_module --with-stream_ssl_module --with-stream_realip_module --with-pcre --with-stream --with-http_ssl_module
# make && make install
[root@nginx bin]# vim ~/.bash_profile
[root@nginx bin]# source ~/.bash_profile
[root@nginx bin]# openresty
[root@nginx bin]# netstat -launpt | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 166940/nginx: maste
[root@nginx ~]# cd /usr/local/openresty/
[root@nginx openresty]# ls
bin COPYRIGHT luajit lualib nginx pod resty.index site
可以在里面进行开发