You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9.2 KiB
9.2 KiB
Nginx 安装
下载安装
官网下载
curl -O https://nginx.org/download/nginx-1.24.0.tar.gz
解压安装
tar -zxvf nginx-1.24.0.tar.gz
安装依赖
yum install -y \
gcc \
pcre pcre-devel \
zlib zlib-devel \
openssl openssl-devel
编译配置
cd nginx-1.24.0 && ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
编译安装
make && make install
启动服务
cd /usr/local/nginx/sbin/ && ./nginx
查看状态
ps -ef | grep nginx
访问服务
curl http://192.168.127.10/
重载配置
cd /usr/local/nginx/sbin/ && ./nginx -s reload
停止服务
cd /usr/local/nginx/sbin/ && ./nginx -s quit
服务脚本
创建服务
tee /usr/lib/systemd/system/nginx.service <<-'EOF'
[Unit]
Description=nginx - web server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecQuit=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
加载服务
systemctl daemon-reload
启动服务
systemctl start nginx
查看服务
systemctl status nginx
开机自启
systemctl enable nginx
虚拟主机
创建网站
mkdir -p /www/{aaa,bbb,ccc}
echo "hello aaa" > /www/aaa/index.html
echo "hello bbb" > /www/bbb/index.html
echo "hello ccc" > /www/ccc/index.html
修改 HOSTS
echo "127.0.0.1 www.aaa.com www.bbb.com www.ccc.com" >> /etc/hosts
修改配置
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
# 修改主机名
server_name www.aaa.com;
location / {
# 修改访问站点路径
root /www/aaa;
index index.html;
}
}
server {
listen 80;
# 修改主机名
server_name www.bbb.com;
location / {
# 修改访问站点路径
root /www/bbb;
index index.html;
}
}
server {
listen 80;
# 修改主机名
server_name www.ccc.com;
location / {
# 修改访问站点路径
root /www/ccc;
index index.html;
}
}
}
EOF
重载配置
systemctl reload nginx
访问地址
curl http://www.aaa.com
curl http://www.bbb.com
curl http://www.ccc.com
反向代理
修改配置
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.aaa.com;
location / {
# 反向代理 http://<HOST>/<IP>:<PORT>
proxy_pass http://www.bbb.com;
}
}
server {
listen 80;
# VHOST
server_name www.bbb.com;
location / {
root /www/bbb;
index index.html;
}
}
}
EOF
重载配置
systemctl reload nginx
访问地址
curl http://www.aaa.com
负载均衡
创建网站
mkdir -p /www/aaa{1,2}
echo "hello aaa1" > /www/aaa1/index.html
echo "hello aaa2" > /www/aaa2/index.html
修改 HOSTS
echo "127.0.0.1 www.aaa1.com www.aaa2.com" >> /etc/hosts
修改配置
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream aaa {
server www.aaa1.com:81 weight=8;
server www.aaa2.com:82 weight=2;
}
server {
listen 80;
server_name www.aaa.com;
location / {
# 反向代理 http://<upstream_name>
proxy_pass http://aaa;
}
}
server {
listen 81;
server_name www.aaa1.com;
location / {
root /www/aaa1;
index index.html;
}
}
server {
listen 82;
server_name www.aaa2.com;
location / {
root /www/aaa2;
index index.html;
}
}
}
EOF
重载配置
systemctl reload nginx
访问地址
curl http://www.aaa.com
动静分离
创建资源
mkdir -p /www/aaa/static/js
echo '<body><script src="js/index.js"></script></body>' > /www/bbb/index.html
echo 'document.body.innerText="js write";' > /www/aaa/static/js/index.js
修改配置
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.aaa.com;
location / {
# 动态资源访问后端
proxy_pass http://www.bbb.com;
}
# 正则表达式匹配路径
location ~*/(css|js) {
# 静态资源访问本地
root /www/aaa/static;
}
}
server {
listen 80;
server_name www.bbb.com;
location / {
root /www/bbb;
index index.html;
}
}
}
EOF
重载配置
systemctl reload nginx
访问地址
curl http://www.aaa.com
重定向
修改配置
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.aaa.com;
location / {
# rewrite <regex> <replacement> [flag];
rewrite ^/index/([0-9]+).html$ /index.html?pageNum=$1 break;
index index.html;
}
}
}
EOF
重载配置
systemctl reload nginx
访问地址
curl http://www.aaa.com/index/1.html
防盗链
创建资源
mkdir -p /www/aaa/static/js
echo '<body><script src="js/index.js"></script></body>' > /www/aaa/index.html
echo 'document.body.innerText="js write";' > /www/aaa/static/js/index.js
修改配置
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.aaa.com;
location / {
root /www/aaa;
index index.html;
}
location ~*/(css|js) {
# 设置允许访问的域名
# 设置 none 表示没有 refer 也可以访问
valid_referers www.aaa.com;
if ($invalid_referer) {
# 注意只能是 css|js|img 资源
# rewrite ^/ /img/error.png break;
return 403;
}
root /www/aaa/static;
}
}
}
EOF
重载配置
systemctl reload nginx
访问地址
curl http://www.aaa.com/js/index.js
curl -H "Referer:http://www.aaa.com/" http://www.aaa.com/js/index.js
HTTPS
准备证书
pwd
# /usr/local/nginx/conf/cert/
ls *.key *.pem
# www.aaa.com.key
# www.aaa.com.pem
修改配置
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.aaa.com;
# 自动跳转 https 请求
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.aaa.com;
ssl_certificate cert/www.aaa.com.pem;
ssl_certificate_key cert/www.aaa.com.key;
location / {
root /www/aaa/;
index index.html;
}
}
}
重载配置
systemctl reload nginx
访问地址
curl http://www.aaa.com
curl https://www.aaa.com
SOCKET 转发
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
listen 80;
server_name jupyter.caoshd.space;
location / {
proxy_pass http://192.168.0.100:9000;
# socket 转发
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
高可用
使用 KEEPALIVED 实现
插件安装
查看
/usr/local/nginx/sbin/nginx -V
显示
nginx version: nginx/1.24.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
配置
./configure --prefix=/usr/local/nginx \
--with-http_stub_status_module \
--with-http_ssl_module \
--add-module=<module_path>
编译
make
备份
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
更新
cp -r objs/nginx /usr/local/nginx/sbin/nginx