• 2-1 什么是Nginx
  • 2-2 常见的中间件服务
  • 2-3 Nginx的特性_实现优点1
  • 2-4 Nginx特性_实现优点2
  • 2-5 Nginx特性_实现优点3
  • 2-6 Nginx特性_实现优点4
  • 2-7Nginx的快速安装
  • 2-8Nginx的目录和配置语法_Nginx 安装目录
  • 2-9Nginx的目录和配置语法_Nginx编译配置参数;
  • 2-10 Nginx的目录和配置语法_默认语法规则
  • 2-11 Nginx的目录和配置语法_默认配置与默认站点启动
  • 2-12 HTTP请求;
  • 2-13 Nginx日志_Log_format1;
  • 2-14Nginx日志_Log_format2;
  • 2-15 Nginx模块讲解;
  • 2-16 Nginx的模块讲解 _sub_status
  • 2-17 Nginx模块讲解_random_index
  • 2-18 Nginx模块讲解_sub_module
  • 2-19 Nginx模块讲解_sub_module配置演示;
  • 2-20 Nginx的请求限制_配置语法与原理1
  • 2-21 Nginx的请求限制_配置语法与原理2;
  • 2-22 Nginx的请求限制_配置语法与原理3;
  • 2-23 Nginx的访问控制_介绍访问控制的基本方式;
  • 2-24 Nginx的访问控制-access_module配置语法介绍;
  • 2-25 Nginx的访问控制-access_module配置
  • 2-26 Nginx的访问控制-access_module局限性;
  • 2-27 Nginx的访问控制-auth_basic_module配置;
  • 2-28 Nginx的访问控制-auth_basic_module局限性;

2-1 什么是Nginx

1、Nginx是一个开源且高性能、可靠的HTTP中间件、代理服务;(例如淘宝的Tengine基于Nginx的源代码二次开发修改的。)

2、Nginx的中间件架构;

  • 中间件可以有效地避免应用与操作系统的直接调用,使网站更有层次性;

Nginx的官方网站:http://nginx.org/

Nginx的下载地址:http://nginx.org/en/download.html

2-2 常见的中间件服务

1、常见的HTTP服务

  • Apache-HTTPD-Apache基金会;
  • IIS-Microsoft;
  • GWS-Google Web Server(谷歌自用,据说性能也十分优越,例如JDWS,京东的WebServer);

权威网站netcraft:https://www.netcraft.com/

Netcraft公司于1994年底在英国成立,多年来一直致力于互联网市场以及在线安全方面的咨询服务,其中在国际上最具影响力的当属其针对网站服务器,域名解析/主机提供商,以及SSL市场所做的客观严谨的分析研究。

公司官网每月公布的调研数据(Web Server Survey)已成为当今人们了解全球网站数量以及服务器市场分额情况的主要参考依据,时常被诸如华尔街杂志,英国BBC,Slashdot等媒体报道或引用。

2-3 Nginx的特性_实现优点1

1、为什么选择Nginx?

1)原因一:IO多路复用epoll;

多线程处理方式,主动上报机制,效率高!

多个描述符的I/O操作都能在一个线程内并发交替地顺序完成,这就叫I/O多路复用,这里的“复用”是指复用同一个线程;

IO多路复用的实现方式有select、poll、epoll;

2)IO多路复用的模型;

  • select模型;
  • 1)能够监视文件描述符的数量存在最大限制1024

    2)线性扫描效率低下

  • epoll模型;

    1)每当FD就绪,效率更高;

    2)最大连接无限制;

3)可以使用——结合餐厅用餐结束后,结账的场景理解;

  • 用户呼叫老板进行结账,会出现排队现象;
  • 用户主动告诉服务员,我们要结账,服务员带领,效率要高;

2-4 Nginx特性_实现优点2

1、轻量级;

  • 功能模块化(充分考虑性能,减少不必要的功能);
  • 代码模块化;

2、举例:阿里开源的Tengine,就是基于Nginx1.6二次开发的;

Tengine官网:http://tengine.taobao.org/

Tengine下载地址:http://tengine.taobao.org/download.html

  • Tengine是由淘宝网发起的Web服务器项目。它在Nginx的基础上,针对大访问量网站的需求,添加了很多高级功能和特性。Tengine的性能和稳定性已经在大型的网站如淘宝网天猫商城等得到了很好的检验。它的最终目标是打造一个高效、稳定、安全、易用的Web平台。
  • 从2011年12月开始,Tengine成为一个开源项目,Tengine团队在积极地开发和维护着它。Tengine团队的核心成员来自于淘宝搜狗等互联网企业。Tengine是社区合作的成果,我们欢迎大家参与其中,贡献自己的力量。

特性

2-5 Nginx特性_实现优点3

1、CPU亲和(Affinity与什么是CPU亲和?

  • 多核心服务器,应用在密集计算型场景;
  • 多个Nginx的work进程绑定CPU核心进行计算,减少性能损耗;

是一种把CPU核心和Nginx工作进程绑定的方式,把每个Worker进程固定在一个CPU上执行,

减少切换CPU的cache miss,获得较好的性能;

2-6 Nginx特性_实现优点4

1、nginx的sendfile机制;

1)Nginx在处理静态文件是非常有优势的(sendfile机制);

2)请求文件时候,要经过操作系统的“内核空间”和“用户空间”,最终到达socket然后传递相应给用户;对于操作系统而言,要经过“内核空间”和“用户空间”,即发生多次的切换操作;我们知道,静态文件不需要经过复杂的逻辑处理,可直接通过“内核空间”传输处理;

3)sendfile正是利用了以上的机制,在Linux2.2内核之后出来的“零拷贝”的传输模式,即将文件只通过“内核空间”进行传递给socket,响应给用户,避免了频繁切换,效率十分高;例如在CDN服务中,处理静态文件效率非常高;

2-7Nginx的快速安装

1、Nginx快速搭建与基本参数使用;

  • Mainline version-开发版;测试、研究学习,企业生产环境不建议使用!
  • Stable Version-稳定版;企业生产环境可以使用;
  • Legacy Version -历史版本,不再建议使用;

Nginx的官方网站:http://nginx.org/

Nginx的下载地址:http://nginx.org/en/download.html

Nginx的历史变动:http://nginx.org/en/CHANGES

用于安全校验的PGB:http://nginx.org/download/nginx-1.13.12.tar.gz.asc

-----BEGIN PGP SIGNATURE-----

iQEcBAABAgAGBQJazMZtAAoJEFIKmZOhwFL4ck4H/jktPkExP1M1U/BKmOfK4whT
R4fyPT4JW6Sl8fWP26Ws//b9VwqBsfMgrh+tosS26gFqU/PY17hgD12mfGSKIvSh
DyQZ2G2bD140s3KCHUKbEuKp0JfAm2p+Fj88gys1oWf5Jy+U1YRFQqEA9SYjDGXQ
Do0TEcX34jNkGViDWTFH/WxrVpuO/X0UMqZ5Pi1UprZDXRXmufzt5171llVMrc57
3+DAYAn+Ve6L+XEYOI4N3YPgPrwZCbO4ZzPw5xdjd7LFRYfnu5eBdPcUAATTmnIb
orxow0q/wHJN+Nze1M+iDK6kEDw/RYQcBfNBR27fra4lW7jXTIoHS1vRK0l2Trg=
=cCkV
-----END PGP SIGNATURE-----

2、CentOS下Yum安装,基于CentOS7或RHEL7安装方式;

稳定版本的介绍:http://nginx.org/en/linux_packages.html#stable

 Pre-Built Packages for Stable version
To set up the yum repository for RHEL/CentOS, create the file named /etc/yum.repos.d/nginx.repo with the following contents: [nginx]
name=nginx repo
baseurl=http://nginx.org/packages/OS/OSRELEASE/$basearch/
gpgcheck=0
enabled=1
#注意下方的提示说明,依据Linux发行版是RHEL或者CentOS以及大版本的数值,来指定OSRELEASE的值为6或者7以及centos还是rhel
Replace “OS” with “rhel” or “centos”, depending on the distribution used, and “OSRELEASE” with “6” or “7”, for 6.x or 7.x versions, respectively.
  • vim /etc/yum.repos.d/nginx.repo#新增一个nginx的repo文件,内容填写nginx的yum源信息;

repo文件详解:https://www.cnblogs.com/nineep/p/6795692.html

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/#注意此处的centos以及大版本号7;
gpgcheck=0
enabled=1
  • yum list|grep nginx
  • yum install -y nginx

3、nginx 安装成功的标致

  • nginx -v#查看版本号;
  • nginx -V#查看Nginx的编译安装参数;

nginx快速安装的操作命令:

[BEGIN] 2018/5/26 星期六 11:30:59
[root@iZqmo9i3j77p7eZ opt]# cd /etc/yum.repos.d/
[root@iZqmo9i3j77p7eZ yum.repos.d]# ls
CentOS-Base.repo epel.repo
[root@iZqmo9i3j77p7eZ yum.repos.d]# ll
total 8
-rw-r--r-- 1 root root 1047 May 26 11:18 CentOS-Base.repo
-rw-r--r-- 1 root root 331 May 26 11:18 epel.repo
[root@iZqmo9i3j77p7eZ yum.repos.d]# vim nginx.repo
total 8
-rw-r--r-- 1 root root 1047 May 26 11:18 CentOS-Base.repo
-rw-r--r-- 1 root root 331 May 26 11:18 epel.repo
[root@iZqmo9i3j77p7eZ yum.repos.d]# vim nginx.repo
[root@iZqmo9i3j77p7eZ yum.repos.d]# yum list|grep nginx
collectd-nginx.x86_64 5.8.0-3.el7 epel
munin-nginx.noarch 2.0.33-1.el7 epel
nextcloud-nginx.noarch 10.0.4-2.el7 epel
nginx.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-all-modules.noarch 1:1.12.2-2.el7 epel
nginx-debug.x86_64 1:1.8.0-1.el7.ngx nginx
nginx-debuginfo.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-filesystem.noarch 1:1.12.2-2.el7 epel
nginx-mod-http-geoip.x86_64 1:1.12.2-2.el7 epel
nginx-mod-http-image-filter.x86_64 1:1.12.2-2.el7 epel
nginx-mod-http-perl.x86_64 1:1.12.2-2.el7 epel
nginx-mod-http-xslt-filter.x86_64 1:1.12.2-2.el7 epel
nginx-mod-mail.x86_64 1:1.12.2-2.el7 epel
nginx-mod-stream.x86_64 1:1.12.2-2.el7 epel
nginx-module-geoip.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-module-geoip-debuginfo.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-module-image-filter.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-module-image-filter-debuginfo.x86_64
1:1.14.0-1.el7_4.ngx nginx
nginx-module-njs.x86_64 1:1.14.0.0.2.0-1.el7_4.ngx nginx
nginx-module-njs-debuginfo.x86_64 1:1.14.0.0.2.0-1.el7_4.ngx nginx
nginx-module-perl.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-module-perl-debuginfo.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-module-xslt.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-module-xslt-debuginfo.x86_64 1:1.14.0-1.el7_4.ngx nginx
nginx-nr-agent.noarch 2.0.0-12.el7.ngx nginx
owncloud-nginx.noarch 9.1.5-1.el7 epel
pcp-pmda-nginx.x86_64 3.12.2-5.el7 base
python2-certbot-nginx.noarch 0.24.0-1.el7 epel
[root@iZqmo9i3j77p7eZ yum.repos.d]# yum install -y nginx
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.14.0-1.el7_4.ngx will be installed
--> Finished Dependency Resolution Dependencies Resolved ========================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================
Installing:
nginx x86_64 1:1.14.0-1.el7_4.ngx nginx 750 k Transaction Summary
========================================================================================================================================
Install 1 Package Total download size: 750 k
Installed size: 2.6 M
Downloading packages:
nginx-1.14.0-1.el7_4.ngx.x86_64.rpm | 750 kB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:nginx-1.14.0-1.el7_4.ngx.x86_64 1/1
---------------------------------------------------------------------- Thanks for using nginx! Please find the official documentation for nginx here:
* http://nginx.org/en/docs/ Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* http://nginx.org/en/support.html Commercial subscriptions for nginx are available on:
* http://nginx.com/products/ ----------------------------------------------------------------------
Verifying : 1:nginx-1.14.0-1.el7_4.ngx.x86_64 1/1 Installed:
nginx.x86_64 1:1.14.0-1.el7_4.ngx Complete!
[root@iZqmo9i3j77p7eZ yum.repos.d]# nginx -v
nginx version: nginx/1.14.0
[root@iZqmo9i3j77p7eZ yum.repos.d]# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

nginx快速安装

2-8Nginx的目录和配置语法_Nginx 安装目录

  • 安装目录——rpm -ql nginx
etc/logrotate.d/nginx#Nginx日志轮转,用于logrotate服务的日志切割,利用了Linux系统的logrotate;
/etc/nginx
/etc/nginx/conf.d
/etc/nginx/nginx.conf#Nginx的主配置文件,nginx启动时候会主要读取该文件;
/etc/nginx/conf.d/default.conf#Nginx的默认配置文件,主配置文件中include包含,conf.d目录下内容;
/etc/nginx/fastcgi_params
/etc/nginx/scgi_params
/etc/nginx/uwsgi_params#以上3处,cgi配置,fastcgi配置;
/etc/nginx/koi-utf
/etc/nginx/koi-win
/etc/nginx/win-utf#以上3处,用于nginx编码转换的映射转化文件,很少用,了解即可!
/etc/nginx/mime.types#设置http协议的Content-Type与拓展名的对应关系;应用场景:当Nginx无法识别某种文件类型的时候,编辑该配置文件进行添加;
/etc/sysconfig/nginx #Nginx服务的启动管理的终端命令;如systemctl start nginx;stop nginx;reload nginx;
/etc/sysconfig/nginx-debug#用于nginx启动的调试;
/usr/lib/systemd/system/nginx-debug.service
/usr/lib/systemd/system/nginx.service#以上4处,用于配置出CentOS7.X系统守护进程管理器管理方式,基于systemd;
/etc/nginx/modules#Nginx模块目录
/usr/lib64/nginx#Nginx模块目录
/usr/lib64/nginx/modules#Nginx模块目录
/usr/libexec/initscripts/legacy-actions/nginx
/usr/libexec/initscripts/legacy-actions/nginx/check-reload
/usr/libexec/initscripts/legacy-actions/nginx/upgrade
/usr/sbin/nginx#Nginx服务的启动管理的终端命令;
/usr/sbin/nginx-debug#Nginx服务的启动管理的终端命令;调试模式
/usr/share/doc/nginx-1.12.2
/usr/share/doc/nginx-1.12.2/COPYRIGHT
/usr/share/man/man8/nginx.8.gz#以上3处,Nginx的手册和帮助文件;
/usr/share/nginx
/usr/share/nginx/html
/usr/share/nginx/html/50x.html
/usr/share/nginx/html/index.html
/var/cache/nginx#Nginx的缓存目录;
/var/log/nginx#nginx的日志目录;如access.log、error.log

命令代码:

[BEGIN] 2018/5/26 星期六 12:44:38
[root@iZqmo9i3j77p7eZ yum.repos.d]# rpm -ql nginx
/etc/logrotate.d/nginx
/etc/nginx
/etc/nginx/conf.d
/etc/nginx/conf.d/default.conf
/etc/nginx/fastcgi_params
/etc/nginx/koi-utf
/etc/nginx/koi-win
/etc/nginx/mime.types
/etc/nginx/modules
/etc/nginx/nginx.conf
/etc/nginx/scgi_params
/etc/nginx/uwsgi_params
/etc/nginx/win-utf
/etc/sysconfig/nginx
/etc/sysconfig/nginx-debug
/usr/lib/systemd/system/nginx-debug.service
/usr/lib/systemd/system/nginx.service
/usr/lib64/nginx
/usr/lib64/nginx/modules
/usr/libexec/initscripts/legacy-actions/nginx
/usr/libexec/initscripts/legacy-actions/nginx/check-reload
/usr/libexec/initscripts/legacy-actions/nginx/upgrade
/usr/sbin/nginx
/usr/sbin/nginx-debug
/usr/share/doc/nginx-1.14.0
/usr/share/doc/nginx-1.14.0/COPYRIGHT
/usr/share/man/man8/nginx.8.gz
/usr/share/nginx
/usr/share/nginx/html
/usr/share/nginx/html/50x.html
/usr/share/nginx/html/index.html
/var/cache/nginx
/var/log/nginx

nginx目录结构

2-9 Nginx的目录和配置语法_Nginx编译配置参数;

1、Nginx -V#查看编译参数命令;

[root@iZqmo9i3j77p7eZ ~]# nginx -V

nginx version: nginx/1.12.2

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) 

built with OpenSSL 1.0.2k-fips  26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module
--with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module
--with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module
--with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module
--with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

2、--with 的编译参数特别说明(代表官网模块);

3、安装编译参数详解;

nginx的主目录;
--prefix=/etc/nginx#nginx的主目录; --sbin-path=/usr/sbin/nginx#nginx的执行命令目录; --modules-path=/usr/lib64/nginx/modules#nginx的模块目录; --conf-path=/etc/nginx/nginx.conf#nginx的配置文件目录; --error-log-path=/var/log/nginx/error.log#nginx的错误日志目录; --http-log-path=/var/log/nginx/access.log#nginx的访问日志目录; --pid-path=/var/run/nginx.pid#nginx的pid进程文件路径; --lock-path=/var/run/nginx.lock#Nginx锁文件目录; 执行对应模块时,Nginx所保留的临时性文件;带有temp后缀字样的文件;
--http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp 处于服务器安全性的考虑,设定Nginx进程启动的用户和组用户;不建议使用root用户;
--user=nginx
--group=nginx --with-cc-opt=parameters#设置额外的参数将被添加到CFLAGS变量;
--with-ld-opt=parameters#设置附加的参数,链接系统库,如pcre库;

2-10 Nginx的目录和配置语法_默认配置语法

1、主配置文件nginx.conf讲解;

[root@iZqmo9i3j77p7eZ nginx]# cat nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$http_user_agent' '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on; include /etc/nginx/conf.d/*.conf;#注意此处的包含关系;
}
[root@iZqmo9i3j77p7eZ nginx]#

2、nginx.default.conf详解;

[root@iZqmo9i3j77p7eZ conf.d]# cat default.conf 

server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html; # redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html;
} # proxy the PHP scripts to Apache listening on 127.0.0.1:80 #
#location ~ \.php$ { # proxy_pass http://127.0.0.1;
#} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }

1)user#设置nginx服务的系统使用用户,即Linux系统中的用户;

2)worker_processes#工作进程数,一般和CPU核数保持一致即可,开启CPU亲和!增大连接数的并发处理能力;

3)error_log#定义nginx的错误日志,绝对路径;

4)pid#nginx #服务启动时候的nginx.pid文件,绝对路径;

5)events区块;

  • worker_connections#每个进程允许的最大连接数,最大调整到65535;企业应用场景,必须要调节的;
  • use#工作进程的内核模型,如select、poll或epoll;

6)http区块;

  • 每一个server设置独立的站点;
  • location,控制每一层访问的路径,配置默认访问的路径定义的位置配置;
  • error_page,定义错误页面,友好提示,提醒错误;
  • location中的root,不是计算机root用户,而是表示文件存储的“根路径”
  • 一个http区块可以存在多个server;
  • 一个server可以存在多个location;

2-11 Nginx的目录和配置语法_默认配置与默认站点启动

1、nginx.conf配置文件;

[root@iZqmo9i3j77p7eZ conf.d]# cat ../nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

其中,

  • log_format#定义日志类型;
  • access_log#定义访问日志;
  • sendfile#默认打开on状态;
  • keepalive_timeout#设置客户端与服务器的超时时间;存在默认值65s;

2、conf.d/default.conf配置文件;

[root@iZqmo9i3j77p7eZ backup]# cat default.conf
server {
listen 80;#监听端口;
server_name localhost;#域名地址; #charset koi8-r;
#access_log /var/log/nginx/host.access.log main; location / {
root /usr/share/nginx/html;#此处是Linux服务器的绝对路径;
index index.html index.htm;#HTML是一个静态文件,不需要重启Nginx服务;
} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 404 /50x.html;#新增了404错误状态码,定义错误页面,修改后需要重启Nginx服务systemctl restart nginx.service
location = /50x.html {
root /usr/share/nginx/html;
} # proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#} # deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
} [root@iZqmo9i3j77p7eZ backup]#

3、/usr/share/nginx/html/index.html;

[root@iZqmo9i3j77p7eZ html]# cat index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx! tqtl911@163.com</h1>#添加了文件内容tqtl911@163.com
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p> <p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@iZqmo9i3j77p7eZ html]#

4、/usr/share/nginx/html/50x.html;#返回错误页面;

[root@iZqmo9i3j77p7eZ html]# cat 50x.html
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>An error occurred. tqtl add this error!</h1>
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
the <a href="http://nginx.org/r/error_log">error log</a> for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>
[BEGIN] 2018/5/26 星期六 12:58:17
[root@iZqmo9i3j77p7eZ yum.repos.d]# nginx -v
nginx version: nginx/1.14.0
[root@iZqmo9i3j77p7eZ yum.repos.d]# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
[root@iZqmo9i3j77p7eZ yum.repos.d]# cd /etc/nginx/
[root@iZqmo9i3j77p7eZ nginx]# ll
total 40
drwxr-xr-x 2 root root 4096 May 26 12:36 conf.d
-rw-r--r-- 1 root root 1007 Apr 17 23:48 fastcgi_params
-rw-r--r-- 1 root root 2837 Apr 17 23:48 koi-utf
-rw-r--r-- 1 root root 2223 Apr 17 23:48 koi-win
-rw-r--r-- 1 root root 5170 Apr 17 23:48 mime.types
lrwxrwxrwx 1 root root 29 May 26 12:36 modules -> ../../usr/lib64/nginx/modules
-rw-r--r-- 1 root root 643 Apr 17 23:46 nginx.conf
-rw-r--r-- 1 root root 636 Apr 17 23:48 scgi_params
-rw-r--r-- 1 root root 664 Apr 17 23:48 uwsgi_params
-rw-r--r-- 1 root root 3610 Apr 17 23:48 win-utf
[root@iZqmo9i3j77p7eZ nginx]# vim nginx.conf
[root@iZqmo9i3j77p7eZ nginx]# cat nginx.conf user nginx;
worker_processes 1; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; events {
worker_connections 1024;
} http {
include /etc/nginx/mime.types;
default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
#tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf;
}
[root@iZqmo9i3j77p7eZ nginx]# cd /usr/share/nginx/html/
[root@iZqmo9i3j77p7eZ html]# ls
50x.html index.html
[root@iZqmo9i3j77p7eZ html]# vim index.html
[root@iZqmo9i3j77p7eZ html]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: http://nginx.org/en/docs/
[root@iZqmo9i3j77p7eZ html]# systemctl start nginx
[root@iZqmo9i3j77p7eZ html]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-05-26 14:11:31 CST; 1s ago
Docs: http://nginx.org/en/docs/
Process: 20491 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 20492 (nginx)
CGroup: /system.slice/nginx.service
├─20492 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
└─20493 nginx: worker process May 26 14:11:31 iZqmo9i3j77p7eZ systemd[1]: Starting nginx - high performance web server...
May 26 14:11:31 iZqmo9i3j77p7eZ systemd[1]: PID file /var/run/nginx.pid not readable (yet?) after start.
May 26 14:11:31 iZqmo9i3j77p7eZ systemd[1]: Started nginx - high performance web server.
[root@iZqmo9i3j77p7eZ html]# vim /etc/nginx/conf.d/default.conf
[root@iZqmo9i3j77p7eZ html]# cd /usr/share/nginx/
[root@iZqmo9i3j77p7eZ nginx]# ls
html
[root@iZqmo9i3j77p7eZ nginx]# cd html/
[root@iZqmo9i3j77p7eZ html]# ll
total 8
-rw-r--r-- 1 root root 537 Apr 17 23:48 50x.html
-rw-r--r-- 1 root root 628 May 26 14:11 index.html
[root@iZqmo9i3j77p7eZ html]# vim 50x.html
-rw-r--r-- 1 root root 628 May 26 14:11 index.html
[root@iZqmo9i3j77p7eZ html]# vim 50x.html
[root@iZqmo9i3j77p7eZ html]# cat index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx! tqtl911@163.com</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p> <p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@iZqmo9i3j77p7eZ html]# cat 50x.html
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>An error occurred. tqtl add this error!</h1>
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
the <a href="http://nginx.org/r/error_log">error log</a> for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>
[root@iZqmo9i3j77p7eZ html]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@iZqmo9i3j77p7eZ html]# systemctl reload nginx
[root@iZqmo9i3j77p7eZ html]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-05-26 14:11:31 CST; 6min ago
Docs: http://nginx.org/en/docs/
Process: 20509 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 20491 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 20492 (nginx)
CGroup: /system.slice/nginx.service
├─20492 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
└─20510 nginx: worker process May 26 14:11:31 iZqmo9i3j77p7eZ systemd[1]: Starting nginx - high performance web server...
May 26 14:11:31 iZqmo9i3j77p7eZ systemd[1]: PID file /var/run/nginx.pid not readable (yet?) after start.
May 26 14:11:31 iZqmo9i3j77p7eZ systemd[1]: Started nginx - high performance web server.
May 26 14:17:54 iZqmo9i3j77p7eZ systemd[1]: Reloaded nginx - high performance web server.
[root@iZqmo9i3j77p7eZ html]# pwd
/usr/share/nginx/html

Nginx的目录和配置语法_默认配置语法

2-12 HTTP请求;

1、客户端<--->服务端(request与response请求)

2、curl -v http://www.jd.com >/dev/null

[root@iZqmo9i3j77p7eZ ~]# curl -v http://www.jd.com >/dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to www.jd.com port 80 (#0)
* Trying 106.39.178.1...
* Connected to www.jd.com (106.39.178.1) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.jd.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: JDWS/2.0
< Date: Wed, 13 Jun 2018 11:20:10 GMT
< Content-Type: text/html
< Content-Length: 157
< Connection: keep-alive
< Location: https://www.jd.com/
< Strict-Transport-Security: max-age=360
<
{ [data not shown]
100 157 100 157 0 0 17367 0 --:--:-- --:--:-- --:--:-- 19625
* Connection #0 to host www.jd.com left intact
[root@iZqmo9i3j77p7eZ ~]#

3、window或Mac下使用浏览器开发者工具进行查看!F12

2-13 Nginx日志_Log_format1;

1、主配置文件nginx.conf中日志相关;

[root@iZqmo9i3j77p7eZ nginx]# cat nginx.conf

user  nginx;
worker_processes 1; error_log /var/log/nginx/error.log warn;#warn是错误日志的级别;
pid /var/run/nginx.pid; events {
worker_connections 1024;
} http {
include /etc/nginx/mime.types;
default_type application/octet-stream; log_format main '$http_user_agent' '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main;#main是log_foramt的名称,Nginx的变量,定义了日志输出的形式 sendfile on;
#tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf;
}
[root@iZqmo9i3j77p7eZ nginx]#

2、/var/log/nginx/error.log#错误日志;

3、/var/log/nginx/access.log#访问日志;

4、Nginx变量;

[root@iZqmo9i3j77p7eZ nginx]# curl -v www.imooc.com/
* About to connect() to www.imooc.com port 80 (#0)
* Trying 117.121.101.40...
* Connected to www.imooc.com (117.121.101.40) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.imooc.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Thu, 22 Mar 2018 03:01:41 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://www.imooc.com
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host www.imooc.com left intact
[root@iZqmo9i3j77p7eZ nginx]#

Nginx的内置变量:http://nginx.org/en/docs/syslog.html

5、依赖于log_format模块;

[root@iZqmo9i3j77p7eZ nginx]# cat nginx.conf

user  nginx;
worker_processes 1; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; events {
worker_connections 1024;
} http {
include /etc/nginx/mime.types;
default_type application/octet-stream; log_format main '$http_user_agent' '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
#tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf;
}
[root@iZqmo9i3j77p7eZ nginx]#

6、Nginx语法检查#nginx -t -c /etc/nginx/nginx.conf #或者nignx -tc

7、Nginx重启服务#nginx -s reload -c /etc/nginx/nginx.conf#systemctl reload nginx

2-14Nginx日志_Log_format2;

1、log_format;

 log_format  main  '$http_user_agent' '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '#referer表示上一级
'"$http_user_agent" #表示客户端内容"$http_x_forwarded_for"';#记录每一级用户的信息 access_log /var/log/nginx/access.log main;#此处的main与log_format是一一对应的;

2、HTTP请求变量 -arg_PARAMETER 、http_HEADER、sent_http_HEADER ;

3、内置变量-Nginx内置的变量;

4、自定义变量-用户自行定义的变量;

2-15 Nginx模块讲解

1、查看Nginx官网模块;

[root@iZqmo9i3j77p7eZ nginx]# nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments:
--prefix(前缀)=/etc/nginx
--sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib64/nginx/modules
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx --group=nginx
--with-compat(兼容) --with-file-aio
--with-threads --with-http_addition_module
--with-http_auth_request_module
--with-http_dav_module
--with-http_flv_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_mp4_module
--with-http_random_index_module
--with-http_realip_module
--with-http_secure_link_module
--with-http_slice_module
--with-http_ssl_module
--with-http_stub_status_module
--with-http_sub_module
--with-http_v2_module
--with-mail --with-mail_ssl_module
--with-stream
--with-stream_realip_module
--with-stream_ssl_module
--with-stream_ssl_preread_module
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param(参数)=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC'
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
[root@iZqmo9i3j77p7eZ nginx]#

2、第三方模块;(第三方公司开发的模块,如FastDFS中的nginx相关模块)

2-16 Nginx的模块讲解 _sub_status

1、 --with-http_stub_status_module #展示Nginx的客户端状态

2、配置语法;

Syntax:stub_status;#末尾分号是一定要有的;

Default:-

Context:server,location

3、配置

server {

    listen       80;

    server_name  localhost;

    #charset koi8-r;

    #access_log  /var/log/nginx/host.access.log  main;

    location /mystatus{

        stub_status;
}
location / { root /usr/share/nginx/html; index index.html index.htm; } #error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 404 /50x.html; location = /50x.html { root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ { # proxy_pass http://127.0.0.1; #}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:900
0
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all; #}
}

4、访问验证:http://47.95.234.20/mystatus

日志输出:

Active connections: 3

server accepts handled requests

135 135 278

Reading: 0 Writing: 1 Waiting: 2

2-17 Nginx模块讲解_random_index

1、--with-http_random_index_module#目录中选择一个随机主页;

2、随机展示主页;

3、配置语法:

Syntax:random_index on|off;
Default:random_index off;
Context:location

4、注意事项

  • 修改完之后重新reload nginx服务;
  • 隐藏文件不会被加载显示,如:.1.html

2-18 Nginx模块讲解_sub_module

1、--with-http_sub_module模块#HTTP内容替换

2、应用场景:多个虚拟主机的内容变更替换;

3、配置语法:

1、对字符串进行替换,Syntax:sub_filter string(要替换的内容) replacement(被替换的内容);

Default:-

Context:http,server,location#可以加载的位置区块

2、Syntax:sub_filter_last_modified on|off

Default:sub_filter_last_modified off;

Context:http,server,location

3、Syntax:sub_filter_once on|off#匹配所有html代码中的第一个还是最后一个所有字符串

Default:sub_filter_once off;

Context:http,server,location

2-19 Nginx模块讲解_sub_module配置演示;

1、vim /etc/nginx/conf.d/default.conf

location / {

root /opt/app/code;#根路径

index index.html index.html

sub_filter '<a>imooc' '<a>IMOOC';

sub_filer_once on;#注意Nginx与SQL一样,默认结尾加分号;

}#完成指定字符串替换的配置语法;

3、完成内容替换后,先清理浏览器缓存或者新建立窗口,强制刷新页面;

4、单一替换以及全局替换参数配置说明;

2-20 Nginx的请求限制_配置语法与原理1

1、连接频率限制=limit_conn_module

2、请求频率限制-limit_req_module

3、HTTP协议连接与请求;

  • HTTP协议是建立在TCP协议的基础之上;
  • 要完成一次HTTP的请求,先要完成TCP/IP的三次握手
  • 仅进行TCP的“三次握手”,然后进行HTTP的“请求”与“相应”,接着保持长连接和keepalive;
  • HTTP请求建立在一次TCP连接基础之上;
  • 一次TCP请求至少产生一次HTTP请求;

4、配置语法:

Syntax:limit_conn_zone key zone=name:size;

Default:——

Context:http

Syntax:limit_conn zone number;

Default:-

Context:http,server,location

2-21 Nginx的请求限制_配置语法与原理2;

1、请求限制;

2、语法规则:

Syntax:limit_req_zone key zone=name:size rate=rate#此处有速率;

Default:-

Context:http

Syntax:limit_req zone=name [burst=number][nodelay];

Default:-

Context:http,server,location

3、请求限制测试-apache下ab压力测试工具:

  • ab -n 50 -c 20 http://www.jd.com/
[root@iZqmo9i3j77p7eZ conf.d]# ab -n 50 -c 20  http://www.jd.com/   

This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking(标记,确定基准点) www.jd.com (be patient).....done
Server Software: JDWS/2.0
Server Hostname: www.jd.com
Server Port: 80 Document Path: / Document Length: 157 bytes Concurrency Level: 20 Time taken for tests: 0.019 seconds Complete requests: 50 Failed requests: 0 Write errors: 0 Non-2xx responses: 50 Total transferred: 19100 bytes HTML transferred: 7850 bytes Requests per second: 2646.90 [#/sec] (mean) Time per request: 7.556 [ms] (mean) Time per request: 0.378 [ms] (mean, across all concurrent requests) Transfer rate: 987.42 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 2 2 0.4 2 3 Processing: 2 3 0.4 2 4 Waiting: 2 2 0.4 2 4 Total: 4 5 0.8 5 7 ERROR: The median and mean for the processing time are more than twice the standard deviation apart. These results are NOT reliable. Percentage of the requests served within a certain time (ms) 50% 5 66% 5 75% 6 80% 6 90% 6 95% 6 98% 7 99% 7 100% 7 (longest request)

2-22 Nginx的请求限制_配置语法与原理3;

1、

2、通过访问日志及错误日志进行判断配置是否生效;

2-23 Nginx的访问控制_介绍访问控制的基本方式;

1、基于IP的访问控制-http_access_module;

2、基于用户的信任登录-http_auth_basic_module;

2-24 Nginx的访问控制-access_module配置语法介绍;

1、语法规则:

Syntax:deny address |CIDR|unix:|all;

Default:-

Context:http,server,location,limit_except

Syntax:allow address |CIDR(可变长子网掩码,即网段)|unix:|all;

Default:-

Context:http,server,location,limit_except

2-25 Nginx的访问控制-access_module配置;

1、配置举例;

[root@iZqmo9i3j77p7eZ conf.d]# cat access_mode.conf    

server {

    listen       80;

    server_name  localhost;

    #charset koi8-r;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {

        root   /opt/app/code;

        index  index.html index.htm;

    }

    location ~ ^/ {

        root   /opt/app/code;

        deny 117.119.97.51;

        allow all;

        index  index.html index.htm;

    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html

    #
error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all; #} }

2-26 Nginx的访问控制-access_module局限性;

1、

2、

3、

4、

5、x_forwarded_for会解决http_access_module的局限性问题,但对协议有要求

  • 结合geo模块做
  • 通过HTTP自定义变量传递

2-27 Nginx的访问控制-auth_basic_module配置;

1、

2、 htpasswd -c ./user_passwd cuixiaozhao#htpasswd工具属于httpd-tools

3、配置举例

[root@iZqmo9i3j77p7eZ conf.d]# cat auth_modele.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /opt/app/code;
index index.html index.htm;
}
location ~ ^/ {
root /opt/app/code;
auth_basic "cuixiaozhao";
auth_basic_user_file /etc/nginx/user_passwd;
allow all;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
} # proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

4、访问限制截图

2-28 Nginx的访问控制-auth_basic_module(基本认证模块)局限性;

1、用户信息依赖文件方式,效率低下;

2、操作管理机械,效率低下;

3、解决方案:

  • Nginx结合LUA实现高效验证;
  • Nginx和LDAP打通,利用nginx-auth-ldap模块;

Nginx从入门到放弃-第2章 基础篇的更多相关文章

  1. Nginx从入门到放弃-第3章 场景实战篇

    3-1场景实践篇内容介绍: 3-2 Nginx作为静态资源Web服务_静态资源类型: 3-3 Nginx作为静态资源web服务_CDN(内容分发网络)场景: 3-4 Nginx作为静态资源Web服务_ ...

  2. Nginx从入门到放弃-第5章 Nginx架构篇

    5-1 Nginx常见问题_架构篇介绍 5-2 Nginx常见问题_多个server中虚拟主机读取的优先级 5-3 Nginx常见问题_多个location匹配的优先级1 5-4 Nginx常见问题_ ...

  3. Nginx从入门到放弃-第4章 深度学习篇

    4-1 Nginx动静分离_动静分离场景演示 4-2 Nginx动静分离_动静分离场景演示1 4-3 Nginx的动静分离_动静分离场景演示2 4-4 Rewrite规则_rewrite规则的作用 4 ...

  4. php从入门到放弃系列-02.php基础语法

    php从入门到放弃系列-02.php基础语法 一.学习语法,从hello world开始 PHP(全称:PHP:Hypertext Preprocessor,即"PHP:超文本预处理器&qu ...

  5. 深度学习入门者的Python快速教程 - 基础篇

      5.1 Python简介 本章将介绍Python的最基本语法,以及一些和深度学习还有计算机视觉最相关的基本使用. 5.1.1 Python简史 Python是一门解释型的高级编程语言,特点是简单明 ...

  6. 前端开发工程师 - 03.DOM编程艺术 - 第1章.基础篇(下)

    第1章.基础篇(下) Abstract: 数据通信.数据存储.动画.音频与视频.canvas.BOM.表单操作.列表操作 数据通信(HTTP协议) HTTP事务: 客户端向服务器端发送HTTP请求报文 ...

  7. 前端开发工程师 - 03.DOM编程艺术 - 第1章.基础篇(上)

    第1章.基础篇(上) Abstract:文档树.节点操作.属性操作.样式操作.事件 DOM (Document Object Model) - 文档对象模型 以对象的方式来表示对应的html,它有一系 ...

  8. 前端开发工程师 - 02.JavaScript程序设计 - 第1章.基础篇

    第1章--基础篇 JS介绍 html 网页的内容:css 网页的样式:javascript 网页的行为 i.e. hello world <!DOCTYPE html> <html& ...

  9. WPF从入门到放弃系列第二章 XAML

    本文是作者学习WPF从入门到放弃过程中的一些总结,主要内容都是对学习过程中拜读的文章的整理归纳. 参考资料 XAML 概述 (WPF):https://msdn.microsoft.com/zh-cn ...

随机推荐

  1. 浅析HTML的元素类型及其转换

    大家都知道html是由标签元素组成的,在了解元素的类型转换之前,让我们先来了解一下html的元素类型. 一.html元素类型分为两种:块级元素和内联元素,内联元素又被称为行内元素.  常见的块级元素有 ...

  2. The great pleasure in life is doing what people say you cannot do.

    The great pleasure in life is doing what people say you cannot do.  人生最大的快乐是做到别人认为你做不到的事情.

  3. nmap -sT

    将与目标端口进行三次握手,尝试建立连接,如果连接成功,则端口开放,慢,且会被目录主机记录

  4. reactnative资源

    http://facebook.github.io/react-native/docs/getting-started.html

  5. 新手第一天学习 C#语言(进制互换)

    说起来我们对一些陌生或者未知的东西有一些恐惧感,但是又有一些期待,虽然我不确定自己能不能学会这门语言,但是我会尽自己最大的努力学. 我们第一天学的的内容呢,对大多数的人都知道,计算机的语言是二进制,但 ...

  6. 关于JavaScript的变量和函数提升

    第一种理解方式:let和const不能被使用,直到他们被声明 对于var定义的变量,解析器会提升其到作用域顶部. // Outputs: undefined console.log(x); var x ...

  7. 通过WMIC导出系统日志

    查看日志类型 wmic nteventlog get filename C:\>wmic nteventlog get filename FileName appevent secevent s ...

  8. WCFSVC文件的分离

    项目结构图如下: 新建一个实现内容和接口的项目: 接口内部如下: using DataModel; using System; using System.Collections.Generic; us ...

  9. fork新建进程

    #include <sys/types.h>#include<sys/wait.h>#include<unistd.h>#include<stdio.h> ...

  10. 数组char a[4] 保存了一个数据,怎么转换为unsigned int呢 ?

    [待解决问题] 浏览: 701次 注意char并不表示字符的 a[0]=0; a[1]=0; a[2]=3; a[3]=0; 那么我要的unsigned int b应该等于: b= 0x0000030 ...