标签:epoll rewrite add man erro 创建 chkconfig mkdir rar
12.6 Nginx安装
下载nginx包:
[root@hyc-01-01 src]# wget http://nginx.org/download/nginx-1.12.2.tar.gz
解压包:
[root@hyc-01-01 src]# tar zxvf nginx-1.12.2.tar.gz
初始化
[root@hyc-01-01 nginx-1.12.2]# ./configure --prefix=/usr/local/nginx
指定安装路径/usr/local/nginx
编译:
[root@hyc-01-01 nginx-1.12.2]# make
安装:
[root@hyc-01-01 nginx-1.12.2]# make install
[root@hyc-01-01 nginx-1.12.2]# ls /usr/local/nginx/
conf html logs sbin
html:样例文件目录,访问nginx时可能调用
logs:用于存放日志
sbin:核心文件
支持-t检查配置文件:
[root@hyc-01-01 nginx-1.12.2]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
编写nginx启动脚本:
[root@hyc-01-01 init.d]# vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
[root@hyc-01-01 init.d]# chmod 755 /etc/init.d/nginx 设置文件权限为755
设置开机启动:
[root@hyc-01-01 init.d]# chkconfig --add nginx
[root@hyc-01-01 init.d]# chkconfig nginx on
配置nginx:
[root@hyc-01-01 conf]# mv nginx.conf nginx.conf.1 不使用原来的配置文件
[root@hyc-01-01 conf]# vim nginx.conf 编写新的配置文件
user nobody nobody; /指定运行nginx的用户为nobody,当nginx访问某个文件或图片时即以nobody的身份去访问/
worker_processes 2; /定义nginx的子进程数量/
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200; /定义nginx最多可以打开文件的数量/
events
{
use epoll;
worker_connections 6000; /进程最大连接数/
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server /apache中的每个virtualhost对应一个虚拟主机,这里每个server对应一个虚拟主机,一个server即一个网站,一个网站包含多个域名/
{
listen 80;
server_name localhost; /域名/
index index.html index.htm index.php;
root /usr/local/nginx/html; /网站根目录/
location ~ \.php$ /配置解析php相关内容/
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock; /指定php-fpm的监听端口或socket/
#fastcgi_pass 127.0.0.1:9000
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
} /查不到server部分配置则无法监听80端口/
}
检查配置文件:
[root@hyc-01-01 conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
启动nginx:
[root@hyc-01-01 conf]# /etc/init.d/nginx start
Reloading systemd: [ 确定 ]
Starting nginx (via systemctl): [ 确定 ]
查看nginx进程:
[root@hyc-01-01 conf]# ps aux|grep nginx
root 58051 0.0 0.5 151572 5116 pts/1 T 20:23 0:00 vim nginx
root 58166 0.0 0.0 20540 632 ? Ss 21:06 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 58167 0.0 0.3 22984 3212 ? S 21:06 0:00 nginx: worker process
nobody 58168 0.0 0.3 22984 3212 ? S 21:06 0:00 nginx: worker process
root 58170 0.0 0.0 112720 984 pts/1 R+ 21:06 0:00 grep --color=auto nginx
nginx通常父进程用户为root,子进程用户为nobody
php-fpm通常父进程用户为root,子进程用户为php-fpm
测试nginx:
[root@hyc-01-01 conf]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@hyc-01-01 conf]# cat ../html/index.html curl localhost访问的即为该文件的内容
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
Nginx中默认配置文件中的第一个server为默认虚拟主机
测试php解析:
[root@hyc-01-01 html]# vim test.php
<?php
echo "php test success";
[root@hyc-01-01 html]# curl localhost/test.php
php test success[root@hyc-01-01 html]#
12.7 Nginx默认虚拟主机
修改nginx配置文件nginx.conf:
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
include vhost/*.conf; /删除原先server的配置,新增该行/
}
该配置要求在conf目录下创建一个vhost子目录
[root@hyc-01-01 conf]# pwd
/usr/local/nginx/conf
[root@hyc-01-01 conf]# mkdir vhost
在vhost目录下创建aaa.com.conf:
[root@hyc-01-01 vhost]# vim aaa.com.conf
server
{
listen 80 default_server; default_server说明该主机为默认虚拟主机
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
}
确保/data/wwwroot/default存在:
[root@hyc-01-01 vhost]# mkdir -p /data/wwwroot/default
测试:
[root@hyc-01-01 vhost]# /usr/local/nginx/sbin/nginx –t 检测配置文件是否有错
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@hyc-01-01 vhost]# /usr/local/nginx/sbin/nginx restart 或
[root@hyc-01-01 vhost]# /usr/local/nginx/sbin/nginx -s reload
restart重启;-s reload 重新加载
[root@hyc-01-01 vhost]# curl localhost
This is aaa.com,welcome
[root@hyc-01-01 vhost]# curl -x127.0.0.1:80 aaa.com
This is aaa.com,welcome 访问正常
[root@hyc-01-01 vhost]# curl -x127.0.0.1:80 eee.com
This is aaa.com,welcome 默认虚拟主机
默认虚拟主机设置方法:
1 在vhost目录下排序靠前的.conf文件配置的虚拟主机为默认虚拟主机
[root@hyc-01-01 vhost]# curl -x127.0.0.1:80 aaa.com
This is aaa.com,welcome
[root@hyc-01-01 vhost]# curl -x127.0.0.1:80 a00.com
hello nginx
[root@hyc-01-01 vhost]# curl -x127.0.0.1:80 haoijiof.com
hello nginx 此时返回默认虚拟主机的默认页面
[root@hyc-01-01 vhost]# ls
a00.com.conf aaa.com.conf
两个.conf文件中均没有default_server相关配置
2 在vhost目录下指定的默认虚拟主机配置文件中用default_server指明该虚拟主机为默认虚拟主机
Nginx.conf配置文件中支持:
include vhost/*.conf
这样的语法
12.8 nginx用户认证
配置全站用户认证:
[root@hyc-01-01 vhost]# vim test.com.conf 编写配置文件
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /
{
auth_basic "Auth"; 定义用户认证的名称为Auth
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
[root@hyc-01-01 vhost]# /usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/htpasswd hyc
生成密码文件,指定密码文件的路径,并创建用户hyc
New password:
Re-type new password:
Adding password for user hyc
[root@hyc-01-01 vhost]# /usr/local/apache2.4/bin/htpasswd /usr/local/nginx/conf/htpasswd user1
New password:
Re-type new password:
Adding password for user user1
[root@hyc-01-01 vhost]# cat /usr/local/nginx/conf/htpasswd
hyc:$apr1$Sg6oM2Nu$4/uSk5Ms7odYwD0jEQyqm1
user1:$apr1$/4tg1kXs$V.392wqzQSypyTsK3o1OP.
生成密码文件需要使用httpd的密码文件生成工具,所以需要安装httpd;
-c仅在第一次使用/usr/local/apache2.4/bin/htpasswd时添加,每次使用-c参数都会重新生成htpasswd文件,会覆盖原来文件的用户名密码
[root@hyc-01-01 vhost]# /usr/local/nginx/sbin/nginx –t 检测配置文件的错误
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@hyc-01-01 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@hyc-01-01 vhost]#
使用-s reload重新加载配置,若配置文件有问题不会影响原来的nginx进程,nginx不会重启
[root@hyc-01-01 test.com]# curl -uhyc:hyc940421 -x127.0.0.1:80 test.com
welcome to test.com
配置部分用户认证:
[root@hyc-01-01 vhost]# vim test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /admin
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
测试:
[root@hyc-01-01 admin]# curl -uhyc:hyc940421 -x127.0.0.1:80 test.com/admin/
this is test.com/admin 认证成功
[root@hyc-01-01 admin]# curl -x127.0.0.1:80 test.com/admin/
<html> 不做认证出现401报错
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@hyc-01-01 admin]# curl -x127.0.0.1:80 test.com
welcome to test.com 无需认证直接访问
配置针对一个单独的url认证:
[root@hyc-01-01 vhost]# vim test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
测试:
[root@hyc-01-01 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@hyc-01-01 vhost]# curl -uhyc:hyc940421 -x127.0.0.1:80 test.com/admin.php
fix admin.php success
[root@hyc-01-01 vhost]# curl -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
12.9 nginx域名重定向
配置:
[root@hyc-01-01 vhost]# vim test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != 'test.com' ){
rewrite ^/(.*)$ http://test.com/$1 permanent; 第一部分:^以什么开头,^的前面是域名,该部分指代域名后的部分,写全为http://$host/(.*)$ ,permanent即301,302为redirect
}
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
测试:
[root@hyc-01-01 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@hyc-01-01 vhost]# curl -x127.0.0.1:80 test2.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.2
Date: Tue, 14 Aug 2018 00:23:33 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/ 域名发生跳转
标签:epoll rewrite add man erro 创建 chkconfig mkdir rar
原文地址:http://blog.51cto.com/12216458/2159490