#nginx -V (-V 可以显示出当时的标准,添加了什么模块)
[root@proex nginx-1.8.0]# ./configure --help |grep proxy
--without-http_proxy_module disable ngx_http_proxy_module
--http-proxy-temp-path=PATH set path to store
http proxy temporary files
--with-mail enable POP3/IMAP4/SMTP proxy module
[root@proex nginx-1.8.0]# ./configure --with-mail (装模块)
[root@room1pc01 nginx-1.8.0]# ./configure --help (列出的模块中,--without 开头的是默认自带模块,
如果不需要默认模块:[root@proex nginx-1.8.0]# ./configure --without-http_proxy_module )
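pkill -2 firefox (-2 即 SIGINT,等于 ctrl+c中断 退出,非交互式用于代替它在脚本使用;kill 只接受进程号PID,按进程名发信号要用 pkill 或 killall)
ps -aux |grep a.txt (pid 5256)
kill -19 5256 (-19 即 SIGSTOP,等于暂停操作 睡;用 kill -18 即 SIGCONT 可以恢复运行)
pkill -9 firefox (强杀 -9信号即 SIGKILL,进程来不及做清理,应先尝试默认的 -15)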
------------------------------------------------------------------------------------------------------------------------------------
脚本实验安装比较简单:(下载的包里有安装脚本,不需要按源码包安装)
代理服务器:
#tar -xf lnmp_soft-2016-7-20.tar.gz
#cd lnmp_soft
#./install_lnmp.sh (按1安装Nginx)
..............................
装好后按9退出,
#9
#ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
(关掉别的80端口,再开启nginx)
#nginx(开启服务)
------------------安装Nginx(现在做网站的主流 代替了之前的Apache)----------------------------------------------------------------------
1.先下载源码包保存,并安依赖包。(一般需要什么装什么包,先查看下该包的官网,就知道依赖包了,并附有说明提示等)
#yum -y install gcc pcre-devel openssl-devel
2.解包:
#tar -xzf nginx-1.7.10.tar.gz
3../configure 可加模块(./configure --help 可查看到所有模块)
#cd nginx-1.7.10
#./configure \
>--prefix=/usr/local/nginx \
>--with-http_ssl_module
4.编译安装:
#make && make install
注意事项:Nginx也是80端口,使用该服务器时先关闭别的80端口服务。再启动Nginx服务。
#ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
#nginx
#nginx 启动
#nginx -s stop 关闭
#nginx -s reload 重新读取配置文件
#ls /usr/local/nginx/
sbin/ 主程序
html/ 页面文件
logs/ 日志和pid文件
conf/ 配置文件
###########################################################################################333
注意:如果nginx安装完后,还需要装模块:只需这几步: 1. #./configure >--with接模块....(要带上 nginx -V 显示的原有编译参数,再加上新模块,否则原来的模块会丢)
2.编译:#make 就行了(不要make install)。 然后先备份旧的/usr/local/nginx/sbin/nginx,再把编译好的objs/nginx 拷贝到/usr/local/nginx/sbin/下 替换之前的nginx
#############################################################################################3
----------------------------------------------------------------------------------------------------------------------------------
Nginx平滑升级
#tar -zxf nginx-1.8.tar.gz
#cd nginx-1.8.0
#./configure \
>--prefix=/usr/local/nginx \
>--with-http_ssl_module
#make
#mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
#cp objs/nginx /usr/local/nginx/sbin/
#make upgrade
-----------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~公司升级nginx1.8到1.9~~~~~~~~~~~~~~~~~~~~~~~~~~
1.下载新的软件包nginx1.9
解包
tar -zxf nginx .......
cd lnmp_soft
./configure ( 会在/root/nginx1.9/下产生一个objs目录,下面会有一个nginx编译好的文件)
make (将src源代码转换为2进制语言)
2. cd /usr/local/nginx/sbin
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old (将老的备份改名,以防新的不好用,到时换回来)、
3.将安装新的/root/nginx-1.9.0/objs/nginx复制到/usr/local/nginx/sbin/
cp /root/nginx-1.9.0/objs/nginx /usr/local/nginx/sbin/
4.make upgrade (kill 1.8 nginx 1.9)把开启的1.8版本切换到1.9运行。
『『下面这一步不能做』』
((*****这**步**不**能**做****** make install *****相当于把新的logs,html,etc,sbin替换了之前的,这将丢失了之前的etc配置文件,html网页文件,logs日志文件 ,以及sbin下的主程序都没了,网站能写好的内容都没了业务就会down了,这不是升级想要的结果,版本升级只是想替换/sbin/下的主程序))
~~~~后篇,如果1.9不好用,换回1.8用~~~~~换回来~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1.先把nginx1.9的nginx编译好的改名,再把nginx1.8原来的换回来并改回原名。
1) mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old19
2) mv /usr/local/nginx/sbin/nginx.old /usr/local/nginx/sbin/nginx
2.把正在运行的1.9切回到1.8不能用make upgrade (这个时升级的命令)
1) nginx -s stop
2) nginx
~~~~后篇,如果1.9不好用,换回1.8用~~~~~换回来~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------------------------------------------------------------------------------------------------===
一个server是一个虚拟web主机,一个location是一个虚拟主机下的网站网页路径,所有的server都是在http{}括号里,所有的location在各自的server{}里
-----------------------------------------------------------------------------------------------------------------------------------------------------=
Nginx的认证和访问控制
访问控制
1)在主配置文件中添加:deny 192.168.4.254;(拒绝真机)
allow all;(允许所有;allow/deny 按书写顺序匹配,第一条命中的规则生效,所以 deny 要写在 allow all 前面)
#vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name localhost;
deny 192.168.4.254;
allow all;
}
#echo "hellow" >/usr/local/nginx/html/index.html
2)测试:
客户机 (192.168.4.100):可以访问
[root@host~]#curl http://192.168.4.5 或 firefox http://192.168.4.5
hellow
真实机(4.254)拒绝了
[root@room1pc01 ~]#curl http://192.168.4.5
<html>
..................
用户认证
在主配置文件中添加:auth_basic "任意字符";
auth_basic_user_file "/usr/local/nginx/pass";(Basic认证的帐号密码只做base64编码,走80端口的http相当于明文传输,正式环境应放在https的server里)
1)#vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name local-host;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
auth_basic "任意字符";
auth_basic_user_file "/usr/local/nginx/pass";
2)#cd /usr/local/nginx/
#ls (下面不会有pass文件存在)
#yum -y install httpd-tools
#htpasswd -cm /usr/local/nginx/pass tom (-c创建这个文件pass,-m是用MD5(apr1)对密码做哈希后保存,文件里不存明文;pass文件不要放到html/等网页目录下)
#htpasswd -m /usr/local/nginx/pass carry(创建下一个用户不能加-c,不然会把之前文件覆盖,之前用户就丢了)
[root@pc1~]#cat /usr/local/nginx/pass
carry:$dfaff24132f4s32f4fsaasasd4f24/
tom:$dfasfa54654asfas5df4a3/
#nginx -s reload
测试:能ping通就行(真机测试需要把上面一步操作注释掉)#firefox http://192.168.4.5
#firefox http://192.168.4.5
在弹出的页面中输入:帐号,密码就行。
在代理服务器上查看日志状态:#tailf /usr/local/nginx/logs/error.log
(按enter建到空白处,然后在真机上测试,输入用户名或密码错误时,该日志会有相应报错提醒)
------------------------------------------------------------------—————————————————————————————————————
http://192.168.4.5(默认是主页,会在ip后自动加/访问的时/html/index.html,主配置文件中默认也可设置哦)
http://192.168.4.5/test/ (这个是网页二级目录,访问的时/html/test/index.html)
location 匹配用户地址栏URL
给网站建二级目录/test,并生成index.html.且test下网页只能192.168.4.254访问,主页文件都能访问。
1)mkdir /usr/local/nginx/html/test
echo "hell" >/usr/local/nginx/html/test/index.html
2)主配置文件/usr/local/nginx/conf/nginx.conf中添加一个location地址栏目录
# vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location /test {
allow 192.168.4.254;
deny all;
}
}
# nginx -s reload
测试:(在location /test下 那两行子目录不能写 直接做允许拒绝就可以)
真机:[root@room1pc01 桌面]# curl http://192.168.4.5
hello
[root@room1pc01 桌面]# curl http://192.168.4.5/test/
hell
客户机:[root@host ~]# curl http://192.168.4.5
hello
[root@host ~]# curl http://192.168.4.5/test/
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
注意:::若下面是这样的!
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location /test {
allow 192.168.4.254;
deny all;
}
location / {
deny all;
}
}
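二级目录/test下网页192.168.4.254能访问:nginx为每个请求只选一个location(前缀匹配时取最长的),/test的请求用的是location /test里的规则,不会再套用location /的deny,所以会忽略根一级目录拒绝。/一级目录网页所有用户就不能访问。(/html默认)注意:同一个server里不能真的写两个location /,nginx -t会报duplicate location "/",要把deny all;写进已有的那个location / {}里。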
++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++
【目录格式】
一级目录:/html
location / {
root html;
index index.html index.htm;
二级目录:/html/test/.... (默认情况下二级目录在一级目录/html下,但这个是可设置的)
location /test {
allow 192.168.4.254;
deny all;
一级目录:/web
location / {
root web;
index index.html index.htm;
++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++
------------------------------------------------------------------------------------------------------------------------
主配置文件/usr/local/nginx/conf/nginx.conf 中添加一个server,并设置域名为www.b.com 把上面server_name localhost域
名改成www.a.com.
(一个server是一个虚拟主机,所有server都要在http{}中)
nginx虚拟主机(端口,域名,IP)
1) # vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.a.com;
location / {
root html;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.b.com;
location / {
root web;
index index.html index.htm;
}
}
# nginx -s reload
2) mkdir /usr/local/nginx/web (/web和/html同等关系 上面的“/”指/usr/local/nginx/下)
echo "world" > /usr/local/nginx/web/index.html
3)测试:
在客户机测试:(192.168.4.100)
[root@host ~]# vim /etc/hosts
192.168.4.5 www.b.com www.a.com
命令测试:
[root@host ~]# curl http://www.b.com (打开的web/index.html)
world
[root@host ~]# curl http://www.a.com (打开的html/index.html)
hello
页面测试:
[root@host ~]#firefox http://www.b.com
扩展:如果测试时打的不是域名:curl http://www.a/b.com,打的是:curl http://192.168.4.5,这时看出现的网页就看虚拟主机那个server在前面,
打开的就是谁对应的路径下网页,也可直接设置一个默认的主页default,这时与位置没关系,如下:
server {
listen 80 default;
location / {
root default;
index index.html index.htm;
}
}
[root@proxe nginx]# nginx -s reload
[root@proxe nginx]# mkdir /usr/local/nginx/default
[root@proxe nginx]# echo "9999999" >/usr/local/nginx/default/index.html
[root@host ~]# curl http://192.168.4.5 (就是default网也下)
9999999
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
加密算法分类
对称算法:AES,DES (单机)【RAR,zip设密码用的这种】1G 1G+ (DES密钥只有56位,已不安全,新系统用AES)
非对称算法:DSA,RSA (网络传输用非对称 如ssh) 1G 1G+
信息摘要:md5,sha256... (确保信息数据完整性;md5已可被构造碰撞,校验应使用sha256等) 1G/1字符 15字符
Nginx加密网站: (nginx时就需要加一个模块>--with-http_ssl_module)
#cd /usr/local/nginx/conf
#openssl genrsa -out my.key
//生成rsa算法的私钥
实验:
代理服务器(192.168.4.5):
#cd /usr/local/nginx/conf/
# openssl genrsa -out my.key
//生成私钥文件my.key(不写位数时密钥长度取决于openssl版本的默认值,建议在命令末尾显式写2048;私钥文件要chmod 600,只允许root读)
#openssl req -new -x509 -key my.key -out my.crt
//生成自签名证书 my.crt(没有经过CA签发,浏览器会提示不受信任,只适合实验环境)
国家\省份\城市\公司\部门\主机\邮箱
#ls
#vim nginx.conf
...............
server {
listen 443 ssl;
server_name www.test.com;
ssl_certificate my.crt; #证书
ssl_certificate_key my.key; #私钥
..................
location / {
root sec;
index index.html;
}
}
#mkdir /usr/local/nginx/sec
#echo "1111111" >/usr/local/nginx/sec/index.html
# nginx -s reload
客户端验证(192.168.4.100)
[root@host ~]# vim /etc/hosts
192.168.4.5 www.test.com
[root@host ~]# firefox https://www.test.com
第一次打开时浏览器会弹出证书不受信任的提示(因为是自签名证书),实验环境中选择证书认证、添加例外后继续访问......
********这里证书认证用https****************
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
在原来的三台主机上再加一台web2,eth1是192.168.2.200.
host(client):192.168.4.100 eth0
proex(nginx代理): 192.168.4.5 eth0
192.168.2.5 eth1
web1: 192.168.2.100 eth1
web2: 192.168.2.200 eth1
---------------------------------
++++++++++++++++++++++++++
下面实验是把nginx做调度器
++++++++++++++++++++++++++
两台web服务器:
#yum -y install httpd
#service httpd restart
web1:
[root@web1 ~]# echo "100" >/var/www/html/index.html
web2:
[root@web2 ~]# echo "200" >/var/www/html/index.html
proex(nginx代理):(昨天实验在配置文件中改得比较多,为了不影响,还原一下。)
[root@proex conf]# cp nginx.conf.default nginx.conf.default1
[root@proex conf]# mv nginx.conf nginx.conf1
[root@proex conf]# mv nginx.conf.default1 nginx.conf (主配置文件还原成模板)
[root@proex conf]# vim nginx.conf
...
http{
upstream test {
server 192.168.2.100;
server 192.168.2.200;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://test;
root html;
index index.html;
}
}
}
『在http{}中,server{}前,定义上游后台服务器(test集群),然后在server{}中,location / { 下 proxy_pass http://test;』
测试:
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
200
客户端测试
#firefox http://192.168.4.5/
客户端访问代理,代理将请求转发给后台
web1和web2,默认为轮循转发。
加参数后效果:
1)
upstream test {
server 192.168.2.100 weight=2;
server 192.168.2.200;
}
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
200
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
200
2)
upstream test {
server 192.168.2.100;
server 192.168.2.200 max_fails=1 fail_timeout=10;
}
把web2:service httpd stop
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
把web2:service httpd restart
测试(10秒后才能出现修复好的2.200)
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
200
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
200
3)
upstream test {
server 192.168.2.100;
server 192.168.2.200 down;
}
测试:
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
[root@host ~]# curl http://192.168.4.5
100
4)
upstream test {
ip_hash;
server 192.168.2.100;
server 192.168.2.200;
}
测试:
[root@host ~]# curl http://192.168.4.5
200
[root@host ~]# curl http://192.168.4.5
200
[root@host ~]# curl http://192.168.4.5
200
修改调度算法为ip_hash;相同的客户端,始终访问相同的服务器
upstream选项:
upstream test {
#ip_hash;
server 192.168.2.100 weight=1;
server 192.168.2.200 max_fails=1 fail_timeout=30;
server 192.168.2.201 down;
server 192.168.2.202 backup; (所有集群down了backup才使用)
}
默认调度算法:轮询
设置权重:weight=N,默认权重为1
nginx会自动进行健康检查(被动检查:转发请求失败时才计数,不会主动探测后端)
最大失败次数max_fails=1
fail_timeout=30 秒
标记为down的主机,不参与集群转发
修改调度算法为ip_hash;相同的客户端,始终访问相同的服务器
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
原文地址:http://12346621.blog.51cto.com/12336621/1900014