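Nginx ("engine x") is a high-performance HTTP and reverse proxy server, and also an IMAP/POP3/SMTP server. It is a lightweight web server, reverse proxy and e-mail (IMAP/POP3) proxy server whose source code is released under a BSD-like license. It uses little memory and handles high concurrency well; its concurrency performance is in fact among the better ones for web servers of its kind. It is known for its stability, rich feature set, sample configuration files and low consumption of system resources.
Nginx as a load-balancing server: Nginx can serve Rails and PHP applications directly, and it can also serve as an HTTP proxy server. Nginx is written in C, and both its system resource overhead and its CPU efficiency are much better than Perlbal's.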
Simple example configuration
Environment: CentOS 6.5, 32-bit
nginx-1.9.4.tar.gz
Installation
[root@new ~]# yum --disablerepo=\* --enablerepo=c6-media groupinstall "Development tools" -y
[root@new ~]# tar -zxvf nginx-1.9.4.tar.gz -C /usr/local/src/
[root@new ~]# cd /usr/local/src/nginx-1.9.4/
[root@new nginx-1.9.4]# yum --disablerepo=\* --enablerepo=c6-media install openssl-devel pcre-devel -y
[root@new nginx-1.9.4]# ./configure \
> --prefix=/usr/local/nginx \
> --conf-path=/etc/nginx/nginx.conf \
> --error-log-path=/var/log/nginx/error.log \
> --http-log-path=/var/log/nginx/access.log \
> --pid-path=/var/run/nginx/nginx.pid \
> --lock-path=/var/lock/nginx.lock \
> --user=nginx \
> --group=nginx \
> --with-http_ssl_module \
> --with-http_flv_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --http-client-body-temp-path=/var/tmp/nginx/client/ \
> --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
> --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
> --with-pcre
[root@new nginx-1.9.4]# groupadd nginx
[root@new nginx-1.9.4]# useradd -r -g nginx nginx
[root@new nginx-1.9.4]# make && make install
Startup, from /usr/local/nginx/sbin:
[root@new sbin]# nginx
[root@new sbin]# nginx -s reload
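Virtual hosts:
1. Physical directory
2. Virtual directory
3. Host-header-based and IP-address-based virtual hosts
4. Authentication
Create the account database: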
[root@new html]# htpasswd /usr/local/nginx/html/.htpasswd user1
5. Source-based access control
SSL
[root@new ~]# cd /etc/pki/CA/
[root@new CA]# touch index.txt
[root@new CA]# touch serial
[root@new CA]# echo "01" >serial
[root@new CA]# cd ..
[root@new pki]# cd tls/
[root@new tls]# vim openssl.cnf
drwxr-xr-x. 5 root root 4096 Aug 27 17:02 .
drwxr-xr-x. 9 root root 4096 Jul 7 03:38 ..
-rw-r--r--. 1 root root 16384 Aug 27 11:31 .openssl.cnf.swp
lrwxrwxrwx. 1 root root 19 Jul 7 03:37 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x. 2 root root 4096 Jul 7 03:38 certs
drwxr-xr-x. 2 root root 4096 Jul 7 03:38 misc
-rw-r--r--. 1 root root 10906 Sep 27 2013 openssl.cnf
drwxr-xr-x. 2 root root 4096 Nov 22 2013 private
[root@new tls]# rm .openssl.cnf.swp
rm: remove regular file `.openssl.cnf.swp'? y
[root@new tls]# vim openssl.cnf
[root@new tls]# pwd
/etc/pki/tls
[root@new tls]# cd..
-bash: cd..: command not found
[root@new tls]# cd ..
[root@new pki]# openssl genrsa 1024 >CA/private/cakey.pem
Generating RSA private key, 1024 bit long modulus
.................................++++++
......................++++++
e is 65537 (0x10001)
[root@new pki]# chmod 600 CA/private/cakey.pem
[root@new pki]# cd CA/
[root@new CA]# openssl req -new -key private/cakey.pem -x509 -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) []:BINGJING
Locality Name (eg, city) [BINGJING]:BINGJING
Organization Name (eg, company) [Default Company Ltd]:ABC
Organizational Unit Name (eg, section) []:COM
Common Name (eg, your name or your server's hostname) []:WWW
Email Address []:
[root@new CA]# mkdir /etc/nginx/certs
[root@new CA]# cd /etc/nginx/certs/
[root@new certs]# openssl genrsa 1024 >nginx.key
Generating RSA private key, 1024 bit long modulus
......................++++++
...................................................++++++
e is 65537 (0x10001)
[root@new certs]# chmod 600 nginx.key
[root@new certs]# ll
total 4
-rw-------. 1 root root 887 Aug 27 17:18 nginx.key
[root@new certs]# openssl req -new -key nginx.key -out nginx.req
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) []:QWE
Locality Name (eg, city) [BINGJING]:BINGJING
Organization Name (eg, company) [Default Company Ltd]:YYY
Organizational Unit Name (eg, section) []:JJJ
Common Name (eg, your name or your server's hostname) []:KKK
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@new certs]#
[root@new certs]# openssl ca -in nginx.req -out nginx.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Aug 27 09:22:16 2015 GMT
        Not After : Aug 26 09:22:16 2016 GMT
    Subject:
        countryName = CN
        stateOrProvinceName = QWE
        organizationName = YYY
        organizationalUnitName = JJJ
        commonName = KKK
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Comment:
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier:
            B4:81:50:C7:73:97:8A:92:01:0E:AA:C6:EA:A4:50:B6:C1:9C:5E:6A
        X509v3 Authority Key Identifier:
            keyid:F5:9A:5E:BD:11:08:96:4B:46:85:E6:74:5F:72:96:10:18:88:21:EA
Certificate is to be certified until Aug 26 09:22:16 2016 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@new certs]# cd /etc/nginx/nginx.conf
-bash: cd: /etc/nginx/nginx.conf: Not a directory
[root@new certs]# vim /etc/nginx/nginx.conf
[root@new certs]# cd /usr/local/nginx/sbin/
[root@new sbin]# ./nginx -s reload
nginx: [emerg] unknown directive "HTTPS" in /etc/nginx/nginx.conf:166
[root@new sbin]# vim /etc/nginx/nginx.conf
[root@new sbin]# ./nginx -s reload
[root@new sbin]# cd /etc/pki/
[root@new pki]# ll
total 28
drwxr-xr-x. 6 root root 4096 Aug 27 17:22 CA
drwxr-xr-x. 4 root root 4096 Jul 7 03:37 ca-trust
drwxr-xr-x. 2 root root 4096 Jul 7 03:37 java
drwxr-xr-x. 2 root root 4096 Jul 7 03:37 nssdb
drwxr-xr-x. 2 root root 4096 Jul 7 03:36 rpm-gpg
drwx------. 2 root root 4096 Nov 22 2013 rsyslog
drwxr-xr-x. 5 root root 4096 Aug 27 17:08 tls
[root@new pki]# cd CA/
[root@new CA]# ll
total 36
-rw-r--r--. 1 root root 940 Aug 27 17:16 cacert.pem
drwxr-xr-x. 2 root root 4096 Nov 22 2013 certs
drwxr-xr-x. 2 root root 4096 Nov 22 2013 crl
-rw-r--r--. 1 root root 61 Aug 27 17:22 index.txt
-rw-r--r--. 1 root root 21 Aug 27 17:22 index.txt.attr
-rw-r--r--. 1 root root 0 Aug 27 17:01 index.txt.old
drwxr-xr-x. 2 root root 4096 Aug 27 17:22 newcerts
drwx------. 2 root root 4096 Aug 27 17:13 private
-rw-r--r--. 1 root root 3 Aug 27 17:22 serial
-rw-r--r--. 1 root root 3 Aug 27 17:02 serial.old
[root@new CA]# cd private/
[root@new private]# ll
total 4
-rw-------. 1 root root 887 Aug 27 17:13 cakey.pem
[root@new private]# cp cakey.pem /etc/nginx/certs/
[root@new private]# cd /etc/nginx/certs/
[root@new certs]# ll
total 16
-rw-------. 1 root root 887 Aug 27 17:58 cakey.pem
-rw-r--r--. 1 root root 3004 Aug 27 17:22 nginx.crt
-rw-------. 1 root root 887 Aug 27 17:18 nginx.key
-rw-r--r--. 1 root root 631 Aug 27 17:21 nginx.req
[root@new certs]# cp nginx.crt nginx.crt.bak
[root@new certs]# cat nginx.crt cakey.pem >nginx.crt
cat: nginx.crt: input file is output file
[root@new certs]# vim nginx.crt
[root@new certs]# mv nginx.crt ni
[root@new certs]# ll
total 20
-rw-------. 1 root root 887 Aug 27 17:58 cakey.pem
-rw-r--r--. 1 root root 3004 Aug 27 18:00 nginx.crt.bak
-rw-------. 1 root root 887 Aug 27 17:18 nginx.key
-rw-r--r--. 1 root root 631 Aug 27 17:21 nginx.req
-rw-r--r--. 1 root root 887 Aug 27 18:00 ni
[root@new certs]# cat nginx.crt.bak cakey.pem >nginx.crt
[root@new certs]# vim nginx.crt
[root@new certs]# cd /usr/local/nginx/sbin/
[root@new sbin]# ./nginx -s reload
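The last step above appends cakey.pem, the CA's private key, to nginx.crt; a chain file for ssl_certificate should carry certificates only (here the server certificate followed by cacert.pem). The check below is an added example, not part of the original post; its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits the PEM files that nginx's ssl_certificate and
# ssl_certificate_key directives point at. All sample data is constructed.

# Print the label of each PEM block in order, e.g. "RSA PRIVATE KEY".
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed if the "other" read permission bit is set on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# File served as ssl_certificate: certificates only, server certificate first.
audit_cert_bundle() {
    rc=0
    labels=$(pem_labels "$1")
    if printf '%s\n' "$labels" | grep -q 'PRIVATE KEY'; then
        echo "FAIL $1: contains a private key block"; rc=1
    fi
    if [ "$(printf '%s\n' "$labels" | head -n 1)" != "CERTIFICATE" ]; then
        echo "FAIL $1: first PEM block is not a certificate"; rc=1
    fi
    return $rc
}

# File used as ssl_certificate_key: holds a key, not world-readable.
audit_key_file() {
    rc=0
    pem_labels "$1" | grep -q 'PRIVATE KEY' || { echo "FAIL $1: no private key block"; rc=1; }
    if world_readable "$1"; then echo "FAIL $1: world-readable"; rc=1; fi
    return $rc
}

# Constructed stand-ins with placeholder bodies (no real key material).
pem() { printf '%s\n' "-----BEGIN $1-----" PLACEHOLDER "-----END $1-----"; }
make_samples() {
    { pem CERTIFICATE; pem 'RSA PRIVATE KEY'; } > "$1/bad.crt"  # cert + CA key
    { pem CERTIFICATE; pem CERTIFICATE; } > "$1/good.crt"       # cert + CA cert
    pem 'RSA PRIVATE KEY' > "$1/nginx.key"
    chmod 644 "$1/bad.crt" "$1/good.crt"; chmod 600 "$1/nginx.key"
}

d=$(mktemp -d); make_samples "$d"
audit_cert_bundle "$d/bad.crt" || true
audit_cert_bundle "$d/good.crt" && audit_key_file "$d/nginx.key" && echo "good.crt, nginx.key: ok"
rm -rf "$d"
```

The same audit can be extended to key strength: `openssl rsa -in nginx.key -noout -text` reports the key size on its first line, and the keys generated above are 1024-bit where current practice is at least 2048.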
This article is from the "监督局" blog; please keep this source link: http://shuoshuo234.blog.51cto.com/10531943/1692353