客服电话
APP下载
迪恩网络APP
随时随地掌握行业动态
官方微信
扫描二维码
关注迪恩网络微信公众号
|
安装 sudo apt-get install nginx 启动 sudo /etc/init.d/nginx start #通过init.d下的启动文件启动。 sudo service nginx start#通过ubuntu的服务管理器启动 配置文件位置 /etc/nginx/nginx.conf 编译安装 (1).gcc apt-get install gcc (2).pcre(Perl Compatible Regular Expression) apt-get install libpcre3 libpcre3-dev (3).zlib apt-get install zliblg zliblg-dev (4).openssl apt-get install openssl opensll-dev #如果非apt,可以使用下载包手动编译安装的方式处理 2.下载包 www.nginx.net 下载稳定版 wget http://nginx.org/download/nginx-1.4.4.tar.gz 3.解压安装 tar -xzvf nginx-1.4.4.tar.gz #默认,安装目录/usr/local/nginx ./configure make make install #配置 ./configure --conf-path=/etc/nginx/nginx.conf 可以配置一些其他选项 安装后查看下目录下的Configuration summary 需要给nginx建立一个init脚本 1.使用不同prefix,方便指定不同版本,也便于升级 ./configure --prefix=/usr/local/nginx-1.4.4 基本操作 /usr/local/nginx/sbin/nginx -h 立即停止进程(TERM信号) /usr/local/nginx/sbin/nginx -s stop 温和停止进程(QUIT信号) /usr/local/nginx/sbin/nginx -s quit 重加载 /etc/init.d/nginx reload #有init脚本情况下 /usr/local/nginx/sbin/nginx -s reload #原生 检测配置文件是否正确 /usr/local/nginx/sbin/nginx -t #生产路径下的 /usr/local/nginx/sbin/nginx -t -c /home/ken/tmp/test.conf #可以测试某个临时文件 HTTP基本配置 /usr/local/nginx/conf/ - mime.types 一个文件扩展列表,它们与MIME类型关联 需要在nginx.conf中使用包含命令 include sites/*.conf; include sites/*/*.conf; 配置文件结构
http { #嵌入配置文件的根部, 一个http里可以配置多个server
server { #声明一个站点
server_name www.website.com; #监听的主机名
listen 80; #监听套接字所使用的ip地址和端口号
error_page 404 /not_found.html;
error_page 500 501 502 503 504 /server_error.html;
index index.html;
root /var/www/website/com/html; #定义文档的根目录
#location, 通过制定的模式与客户端请求的URI相匹配
location / { #网站的特定位置
}
location /admin/ { #网站的特定位置 #
alias /var/www/locked/; #只能放在 location区段中,为指定路径提供别名
}
#操作符,匹配时跟定义顺序无关
location = /abcd { #精确匹配,不能用正则
}
location /abc/ { #url必须以指定模式开始,不能用正则
}
location ^~ /abcd$ { #吴标致行为,URI定位必须以指定模式开始,如果匹配,停止搜索其他模式
}
location ~ ^/abcd$ { #正则匹配,区分大小写
}
location ~* ^/abcd$ { #正则匹配,不区分大小写
}
location @test { #定义location区段名,客户端不能访问,内部产生的请求可以,例如try_files或error_page
}
}
}
模块
模块化 nginx真正的魅力在于它的模块,整个应用程序建立在一个模块化系统之上,在编译时,可以对每一个模块进行启用或者禁用 index模块 index index.php index.html /data/website/index.html; #可以指定多个,但是ngxin提供第一个找到的文件 log_format main '$remote_addr - $remote_user [$time_local] "$request" ' access_log /var/log/test.log main; 当通过nginx将用户请求进行转发时,接收请求的应用要拿到用户的真实IP(经转发拿到的是服务器的IP) real_ip_header X-Forwarded-For; Access模块 语法 #如果规则之间有冲突,会以最前面匹配的规则为准 deny IP; deny subnet; allow IP; allow subnet; # block all ips deny all; # allow all ips allow all; 配置一个blockips.conf,然后在nginx.conf中include e.g
location {
allow 127.0.0.1; #允许本地ip 注意顺序,allow要放在前面
deny all; #禁止其他ip
}
Rewrite模块 利用正则的匹配,分组和引用,达到目的 break/return/set等
if (-f $uri) {
break
}
if ($uri ~ ^/admin/){
return 403;
}
if ($uri ~ ^/search/(.*)$) {
set $query $1;
rewrite ^ /search.php?q=$query?;
}
例子 A:http://website.com/search/some-search-keywords B:http://website.com/search.php?q=some-search-keywords rewrite ^/search/(.*)$ /search.php?q=$1?; A:http://website.com/user/31/James B:http://website.com/user.php?id=31&name=James rewrite ^/user/([0-9]+)/(.+)$ /user.php?id=$1&name=$2?; A:http://website.com/index.php/param1/param2/param3 B:http://website.com/index.php/?p1=param1&p2=param2&p3=param3 rewrite ^/index.php/(.*)/(.*)/(.*)$ /index.php?p1=$1&p2=$2&p3=$3?; rewrite语法 rewrite A B option; options:
location / {
proxy_pass_header Server; #该指令强制一些被忽略的头传递到客户端
proxy_redirect off; #允许改写出现在HTTP头却被后端服务器触发重定向的URL,对相应本身不做任何处理
proxy_set_header Host $http_host; #允许你重新定义代理header值再转到后端服务器.目标服务器可以看到客户端的原始主机名
proxy_set_header X-Real-IP $remote_addr; #目标服务器可以看到客户端的真实ip,而不是转发服务器的ip
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost:8080;
}
upstream模块
upstream up_name {
server 192.168.0.1:9000 weight=5; #权重
server 192.168.0.2:9000 weight=5 max_fails=5 fail_timeout=60s; #在60s内,其错误通信超过5次,认为该服务失效
server 192.168.0.3:9000 down; #服务标记为离线,不再使用
server 192.168.0.4:9000 backup; #备份服务器,其他全部宕机了才启用
}
其他
location /static/
{
root /var/www/app/;
autoindex off;
}
负载均衡
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 120;
tcp_nodelay on;
upstream up_localhost {
server 127.0.0.1:8000 weight=5;
server 127.0.0.1:8001 weight=10;
}
server {
listen 80;
server_name localhost;
location /{
proxy_pass http://up_localhost;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
控制页面缓存
location ~ \.(htm|html|gif|jpg|jpeg|png|bmp|ico|css|js|txt)$ {
root /opt/webapp;
expires 24h;
}
expires 1 January, 1970, 00:00:01 GMT;
expires 60s;
expires 30m;
expires 24h;
expires 1d;
expires max;
expires off;
nginx的内置变量 使用独立目录, 然后include具体配置
nginx.conf
site/
a.conf
b.conf
nginx.conf
http {
.......
include /etc/nginx/conf.d/*.conf;
include sites/*.conf;
}
gzip on nginx.conf
http {
.....
gzip on;
gzip_min_length 1k;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/javascript text/javascript application/x-javascript text/xml application/xml application/xml+rss application/json image/x-icon image/png image/jpg image/jpeg application/font-woff;
gzip_vary on;
}
for multi processers
nginx.conf
worker_processes 4;
events {
worker_connections 2048;
use epoll;
multi_accept on;
}
worker_rlimit_nofile 100000;
static file cache
location ~* \.(?:css|js)$ {
expires 12h;
access_log off;
add_header Cache-Control "public";
proxy_pass http://127.0.0.1:5000;
proxy_redirect off;
}
proxy pass
location /
{
proxy_pass http://127.0.0.1:8000;
proxy_pass_header Server;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
}
可以设置超时时间
proxy_connect_timeout 500s;
proxy_read_timeout 500s;
proxy_send_timeout 500s;
静态目录 or 文件
location /movies/ {
alias /Volumes/Media/Movies/;
allow all;
}
location = /abc.txt {
alias /data/www/static/abc.txt;
expires 30d;
access_log off;
}
静态站
server {
listen 192.168.1.1:80;
server_name www.abc.com;
client_max_body_size 1M;
access_log logs/blog_access.log;
error_log logs/blog_error.log;
root /data/static_site_dir;
index index.html;
}
return 语法 return http_code; return http_code "content"; e.g.
location /api/test/ {
return 403;
}
location /stat/ {
return 204;
}
location /ping/ {
return 200;
}
for mobile
location = / {
try_files $uri @mobile_rewrite;
}
location ~ ^/(login|register|search|album|404|album/\d+|item/\d+|topic)$ {
try_files $uri @mobile_rewrite;
}
location @mobile_rewrite {
if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {
set $mobile_rewrite perform;
}
if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
set $mobile_rewrite perform;
}
if ($arg_mobile = 'no') {
set $mobile_rewrite do_not_perform;
}
if ($arg_mobile = 'yes') {
set $mobile_rewrite perform;
}
if ($mobile_rewrite = perform) {
rewrite ^ http://$server_name/m$request_uri permanent;
break;
}
proxy_pass http://127.0.0.1:5000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /m/
{
set $pc_rewrite 1;
if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {
set $pc_rewrite 0;
}
if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
set $pc_rewrite 0;
}
if ($pc_rewrite = 1) {
rewrite ^/m/(.*)$ http://$server_name/$1 permanent;
}
proxy_pass http://127.0.0.1:5000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
}
redirect to www
server {
server_name abc.com;
rewrite ^(.*) http://www.abc.com$1 permanent;
}
allow and deny
访问ip控制
location /test/ {
allow 192.168.1.1;
deny all;
}
负载均衡
http {
upstream A {
server 192.168.1.1:5000;
server 192.168.1.2:5000;
}
}
sites/a.conf
server {
location / {
proxy_pass A;
}
}
其他 centos service cmds 检查配置文件正确性 service nginx configtest
service nginx reload |
请发表评论