第 1 章 Nginx

本文涉及的产品
RDS MySQL Serverless 基础系列,0.5-2RCU 50GB
云数据库 RDS MySQL,集群系列 2核4GB
推荐场景:
搭建个人博客
RDS MySQL Serverless 高可用系列,价值2615元额度,1个月
简介:

目录

1.1. Installing
1.1.1. Netkiller OSCM 一键安装 (CentOS 7)
1.1.2. Installing by apt-get under the debain/ubuntu
1.1.3. CentOS
1.1.3.1. spawn-fcgi script
1.1.3.2. php-fpm
1.1.3.3. fastcgi backend
1.1.4. installing by source
1.1.5. CentOS 7
1.1.6. Mac
1.1.6.1. php-fpm
1.1.7. rotate log
1.1.7.1. log shell
1.1.7.2. /etc/logrotate.d/nginx
1.2. Nginx 命令
1.2.1. -V show version and configure options then exit
1.2.2. -t : test configuration and exit
1.2.3. test configuration, dump it and exit
1.3. nginx 配置文件
1.3.1. http 配置
1.3.2. events
1.3.3. gzip
1.3.3.1. CDN支持
1.3.4. server_tokens
1.3.5. ssi
1.3.6. server
1.3.6.1. listen
1.3.6.2. 单域名虚拟主机
1.3.6.3. ssl 虚拟主机
1.3.6.4. server_name 配置
1.3.6.5. root 通过$host智能匹配目录
1.3.6.6. location
1.3.6.7. expires
1.3.6.7.1. 通过 add_header / more_set_headers 设置缓存
1.3.6.7.2. $request_uri
1.3.6.7.3. $request_filename
1.3.6.8. access
1.3.6.9. autoindex
1.3.6.10. try_files
1.3.6.11. add_header
1.3.6.11.1. Cache
1.3.6.11.2. Access-Control-Allow
1.3.7. HTTP2 配置 SSL证书
1.3.7.1. 自颁发证书
1.3.7.2. spdy
1.3.7.3. HTTP2
1.3.7.4. 用户访问 HTTP时强制跳转到 HTTPS
1.3.7.5. SSL 双向认证
1.3.7.5.1. 生成证书
1.3.7.5.1.1. CA
1.3.7.5.1.2. 服务器端
1.3.7.5.1.3. 客户端
1.3.7.5.1.4. 浏览器证书
1.3.7.5.1.5. SOAP 证书
1.3.7.5.1.6. 过程演示
1.3.7.5.2. Nginx 配置
1.3.7.5.3. 测试双向认证
1.3.8. rewrite
1.3.8.1. http get 参数处理
1.3.8.2. 正则取非
1.3.9. upstream 负载均衡
1.3.9.1. weight 权重配置
1.3.9.2. backup 实现热备
1.3.10. fastcgi
1.3.10.1. spawn-fcgi
1.3.10.2. php-fpm
1.3.10.2.1. php5-fpm
1.3.10.2.2. 编译 php-fpm
1.3.10.2.2.1. php-fpm 状态
1.3.10.2.3. fastcgi_pass
1.3.11. return
1.3.12. Nginx 变量
1.3.12.1. $host
1.3.12.2. http_user_agent
1.3.12.2.1. 禁止非浏览器访问
1.3.12.2.2. http_user_agent 没有设置不允许访问
1.3.12.3. http_referer
1.3.12.3.1. valid_referers/invalid_referer
1.3.12.4. request_filename
1.3.12.5. request_uri
1.3.12.6. remote_addr
1.3.12.7. http_cookie
1.3.12.8. request_method
1.3.12.9. limit_except
1.3.12.10. invalid_referer
1.3.12.11. $request_body - HTTP POST 数据
1.3.12.11.1. 用户日志
1.3.12.11.2. $request_body 用于缓存
1.3.12.12. 自定义变量
1.3.12.13. if 条件判断
1.4. Proxy
1.4.1. proxy_cache
1.4.2. rewrite + proxy_pass
1.4.3. request_filename + proxy_pass
1.4.4. $request_uri 与 proxy_pass 联合使用
1.4.5. try_files 与 proxy_pass 共用
1.4.6. Proxy 与 SSI
1.4.7. Host
1.4.8. expires
1.4.9. X-Forwarded-For
1.4.10. X-Sendfile
1.4.11. proxy_http_version
1.4.12. proxy_set_header
1.4.13. timeout 超时时间
1.4.14. example
1.4.14.1. upstream 实例
1.4.14.2. Tomcat 实例
1.4.14.3. Nginx -> Nginx -> Tomcat
1.4.14.4. Proxy 处理 Cookie
1.4.14.5. Proxy 添加 CORS 头
1.4.14.6. 通过 Proxy 汉化 restful 接口
1.5. Nginx module
1.5.1. stub_status
1.5.2. sub_filter 页面中查找和替换
1.5.3. auth_basic
1.5.4. valid_referers
1.5.5. ngx_http_flv_module
1.5.6. ngx_http_mp4_module
1.5.7. limit_zone
1.5.8. image_filter
1.5.9. ngx_stream_proxy_module
1.5.10. limit_except
1.5.11. geoip_country_code
1.6. Example
1.6.1. Nginx + Tomcat
1.6.2. 拦截index.html
1.6.3. Session 的 Cookie 域处理
1.7. FAQ
1.7.1. 405 Not Allowed?
1.7.2. 502 Bad Gateway?
1.7.3. 413 Request Entity Too Large
1.7.4. 502 Bad Gateway?
1.7.5. 499 Client Closed Request
1.7.6. proxy_pass
1.7.7. proxy_pass SESSION 丢失问题
1.7.8. [alert] 55785#0: *11449 socket() failed (24: Too many open files) while connecting to upstream
1.7.9. server_name 与 SSI 注意事项
1.7.10. location 跨 document_root 引用,引用 document_root 之外的资源
1.7.11. nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf

1.1. Installing

1.1.1. Netkiller OSCM 一键安装 (CentOS 7)

# curl -s https://raw.githubusercontent.com/oscm/shell/master/web/nginx/stable/nginx.sh | bash
			

1.1.2. Installing by apt-get under the debain/ubuntu

			
$ sudo apt-get install nginx
			
			
			
sudo /etc/init.d/nginx start
			
			

1.1.3. CentOS

http://nginx.org/packages/centos/$releasever/$basearch/

$releasever 是版本号

$basearch 处理器架构

http://nginx.org/packages/centos/6/x86_64/

			
cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/x86_64/
gpgcheck=0
enabled=1
EOF
			
			

i386

			
cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/5/i386/
gpgcheck=0
enabled=1
EOF
			
			
yum search nginx
============================================= Matched: nginx =============================================
nginx.x86_64 : high performance web server

yum install -y nginx
chkconfig nginx on
service nginx start
			

1.1.3.1. spawn-fcgi script

yum -y install spawn-fcgi
				

/etc/sysconfig/spawn-fcgi

移除SOCKET与OPTIONS注释, apache改为nginx

# cat /etc/sysconfig/spawn-fcgi
# You must set some working options before the "spawn-fcgi" service will work.
# If SOCKET points to a file, then this file is cleaned up by the init script.
#
# See spawn-fcgi(1) for all possible options.
#
# Example :
SOCKET=/var/run/php-fcgi.sock
OPTIONS="-u apache -g apache -s $SOCKET -S -M 0600 -C 32 -F 1 -P /var/run/spawn-fcgi.pid -- /usr/bin/php-cgi"
				
				
chkconfig spawn-fcgi on
				
				

starting spawn-fcgi

/etc/init.d/spawn-fcgi start
				

check port

# netstat -nl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     25282  /var/run/php-fcgi.sock
unix  2      [ ACC ]     STREAM     LISTENING     8227   @/com/ubuntu/upstart
				
 
   

Unix domain socket

location ~ \.php$ { fastcgi_pass unix:/var/run/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name; include fastcgi_params; }

TCP/IP

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u nginx -g nginx -d /www -C 32 -F 1 -P /var/run/spawn-fcgi.pid -f /usr/bin/php-cgi
				

				
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /var/www/nginx-default$fastcgi_script_name;
            include        fastcgi_params;
        }
				
				
# netstat -tulpn | grep :9000
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      26877/php-cgi
				
chkconfig nginx on
				

check config

nginx -t
				

1.1.3.2. php-fpm

rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
yum install nginx -y
				

chkconfig nginx on
				

check config

nginx -t
				
yum -y install mysql mysql-server
yum -y install php php-cgi php-mysql php-mbstring php-gd php-fastcgi
yum -y install perl-DBI perl-DBD-MySQL
				

其他 php-fpm YUM源

rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
				
# rpm -Uvh http://centos.alt.ru/repository/centos/6/i386/centalt-release-6-1.noarch.rpm
# yum update
				

1.1.3.3. fastcgi backend

				
upstream backend  {
  server   localhost:1234;
}

fastcgi_pass   backend;
				
				

1.1.4. installing by source

			
cd /usr/local/src/
wget http://www.nginx.org/download/nginx-1.0.6.tar.gz

./configure --prefix=/usr/local/server/nginx \
--with-openssl=/usr/include \
--with-pcre=/usr/include/pcre/ \
--with-http_stub_status_module \
--without-http_memcached_module \
--without-http_fastcgi_module \
--without-http_rewrite_module \
--without-http_map_module \
--without-http_geo_module \
--without-http_autoindex_module
			
			

rpm 所使用的编译参数

nginx -V
nginx: nginx version: nginx/1.0.6
nginx: built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC)
nginx: TLS SNI support enabled
nginx: configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwcgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
			
# nginx -V
nginx version: nginx/1.2.3
built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g'
			

1.1.5. CentOS 7

			
#!/bin/bash
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx

cp /etc/nginx/nginx.conf{,.original}

vim /etc/nginx/nginx.conf <<VIM > /dev/null 2>&1
:%s/worker_processes  1;/worker_processes  8;/
:%s/worker_connections  1024;/worker_connections  4096;/
:%s/#gzip/server_tokens off;\r    gzip/
:%s/#gzip/gzip/
:wq
VIM

sed -i '4iworker_rlimit_nofile 65530;' /etc/nginx/nginx.conf

systemctl enable nginx
systemctl start nginx			
			
			

测试配置文件是否正确

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful			
			

1.1.6. Mac

安装

neo@MacBook-Pro ~ % brew install nginx 			
			

启动

neo@MacBook-Pro ~ % brew services start nginx
==> Successfully started `nginx` (label: homebrew.mxcl.nginx)
			

重启

neo@MacBook-Pro /usr/local/etc/nginx % brew services restart nginx
Stopping `nginx`... (might take a while)
==> Successfully stopped `nginx` (label: homebrew.mxcl.nginx)
==> Successfully started `nginx` (label: homebrew.mxcl.nginx)			
			

配置文件在 /usr/local/etc/nginx 下,默认使用 8080端口

nginx.conf 文件如下

			
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       8080;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
    include servers/*;
}

			
			

1.1.6.1. php-fpm

mac下自带的软件

neo@MacBook-Pro ~ % php -v
PHP 5.6.30 (cli) (built: Feb  7 2017 16:18:37) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
				

启动php-fpm方法如下

cd /private/etc
sudo cp php-fpm.conf.default php-fpm.conf
				

修改error_log项, 改为error_log = /usr/local/var/log/php-fpm.log

启动 php-fpm

php-fpm
				

1.1.7. rotate log

1.1.7.1. log shell

一些特别的情况下需要切割日志,请参考下面的例子

				
# cat /srv/bin/rotatelog.sh

#!/bin/bash
# run this script at 0:00

#Nginx Log Path
log_dir="/var/log/nginx"
date_dir=`date +%Y/%m/%d/%H`

mkdir -p ${log_dir}/${date_dir} > /dev/null 2>&1
mv ${log_dir}/access.log ${log_dir}/${date_dir}/access.log
mv ${log_dir}/error.log ${log_dir}/${date_dir}/error.log

kill -USR1 `cat /var/run/nginx.pid`

gzip ${log_dir}/${date_dir}/access.log &
gzip ${log_dir}/${date_dir}/error.log &
				
				

1.1.7.2. /etc/logrotate.d/nginx

如果是非源码安装,一般情况nginx都会自带日志切割处理配置文件。

				
# cat /etc/logrotate.d/nginx
/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
        endscript
}
				
			





原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。

相关实践学习
如何在云端创建MySQL数据库
开始实验后,系统会自动创建一台自建MySQL的 源数据库 ECS 实例和一台 目标数据库 RDS。
全面了解阿里云能为你做什么
阿里云在全球各地部署高效节能的绿色数据中心,利用清洁计算为万物互联的新世界提供源源不断的能源动力,目前开服的区域包括中国(华北、华东、华南、香港)、新加坡、美国(美东、美西)、欧洲、中东、澳大利亚、日本。目前阿里云的产品涵盖弹性计算、数据库、存储与CDN、分析与搜索、云通信、网络、管理与监控、应用服务、互联网中间件、移动服务、视频服务等。通过本课程,来了解阿里云能够为你的业务带来哪些帮助 &nbsp; &nbsp; 相关的阿里云产品:云服务器ECS 云服务器 ECS(Elastic Compute Service)是一种弹性可伸缩的计算服务,助您降低 IT 成本,提升运维效率,使您更专注于核心业务创新。产品详情: https://www.aliyun.com/product/ecs
目录
相关文章
|
1月前
|
安全 应用服务中间件 nginx
nginx allow什么意思?
综上所述,通过精心设计的 `allow`和 `deny`指令策略,Nginx能够有效地帮助管理员构建坚固的访问权限体系,确保服务在开放互联网环境中的安全与稳定。为了确保您的云服务器配置达到最优状态,推荐参考[专业云服务提供商]那里提供了包括但不限于高性能云服务器、高防服务器在内的多种解决方案,助您轻松应对各类业务挑战。
39 0
|
2月前
|
应用服务中间件 开发工具 nginx
|
6月前
|
缓存 负载均衡 应用服务中间件
2.nginx
2.nginx
48 1
|
负载均衡 前端开发 安全
nginx能帮我们做什么?
Nginx是一款高性能的开源Web服务器软件,它可以帮助我们完成以下几个方面的任务:
100 0
|
负载均衡 应用服务中间件 nginx
|
缓存 负载均衡 Unix
Nginx系列——初识
Nginx系列——初识
74 1
|
负载均衡 应用服务中间件 Apache
理解nginx
理解nginx
73 0
|
存储 机器学习/深度学习 负载均衡
nginx几个简单问题
《基础系列》
119 0
|
缓存 负载均衡 监控
|
Unix 应用服务中间件 PHP