【原创】运维基础之Nginx（1）简介、安装、使用

官方：http://nginx.org

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 25.89% busiest sites in December 2018. Here are some of the success stories: Dropbox, Netflix, Wordpress.com, FastMail.FM.

Nginx是一个Http服务器、反向代理服务器、邮件代理服务器、通用TCP/UDP代理服务器，目前已经占据25%的市场份额。

nginx has one master process and several worker processes. The main purpose of the master process is to read and evaluate configuration, and maintain worker processes. Worker processes do actual processing of requests. nginx employs event-based model and OS-dependent mechanisms to efficiently distribute requests among worker processes. The number of worker processes is defined in the configuration file and may be fixed for a given configuration or automatically adjusted to the number of available CPU cores.

nginx有一个master进程和多个worker进程，maste进程负责读取配置和管理worker进程，worker进程负责实际的请求处理；nginx使用事件模型和操作系统特有的机制来高效在worker进程中转发请求；

一 安装

官方下载页面：http://nginx.org/en/download.html

下载编译过程如下：

# wget http://nginx.org/download/nginx-1.14.2.tar.gz
# tar xvf nginx-1.14.2.tar.gz
# cd nginx-1.14.2

# ./configure --prefix=/data/nginx-1.14.2 --with-http_ssl_module --with-stream
# make
# make install

# ls /data/nginx-1.14.2/
conf html logs sbin
# ls /data/nginx-1.14.2/sbin
nginx
# ls /data/nginx-1.14.2/conf
fastcgi.conf fastcgi_params koi-utf mime.types nginx.conf scgi_params uwsgi_params win-utf
fastcgi.conf.default fastcgi_params.default koi-win mime.types.default nginx.conf.default scgi_params.default uwsgi_params.default

configure详细参数详见官方文档：http://nginx.org/en/docs/configure.html

configure过程可能报错：

1）./configure: error: C compiler cc is not found

yum install gcc

2）./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.

yum install pcre-devel

3）./configure: error: the HTTP gzip module requires the zlib library.
You can either disable the module by using --without-http_gzip_module
option, or install the zlib library into the system, or build the zlib library
statically from the source with nginx by using --with-zlib=<path> option.

yum install zlib-devel

4）./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

yum install openssl-devel

二 使用

1 配置

默认配置：$NGINX_HOME/conf/nginx.conf

如果改为其他名字，需要在启动时通过-c制定

nginx可以用作http代理（http module），也可以用作长连接代理（stream module）

1）端口

server {

listen       80;

server_name  localhost;

可以修改端口，如果是80端口，必须使用root启动，因为只有root才能使用1024以下端口；

2）反向代理--负载均衡

　　upstream test_backend {
　　　　ip_hash;
　　　　server 192.168.0.54:8080;
　　　　server 192.168.0.55:8080;
　　 }

    location / {
        proxy_pass   http://test_backend; 

可以配置多个upstream，每个upstream指向一组后端服务器，比如一组tomcat，然后在server中制定哪些location的请求转发给哪些upstream，实现负载均衡；

2 命令

# sbin/nginx -h

nginx version: nginx/1.14.2

Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]

Options:

-?,-h         : this help

-v            : show version and exit

-V            : show version and configure options then exit

-t            : test configuration and exit

-T            : test configuration, dump it and exit

-q            : suppress non-error messages during configuration testing

-s signal     : send signal to a master process: stop, quit, reopen, reload

-p prefix     : set prefix path (default: /data/nginx-1.14.2/)

-c filename   : set configuration file (default: conf/nginx.conf)

-g directives : set global directives out of configuration file

2.1 启动

# nginx

or

# nginx -c conf/nginx.conf

启动之后进程如下：

# ps aux|grep nginx
root 3072 0.0 0.0 45852 1956 ? Ss 20:11 0:00 nginx: master process sbin/nginx -c conf/nginx.conf
nobody 3218 0.0 0.0 48396 2552 ? S 20:14 0:00 nginx: worker process

2.2 停止

# nginx -c conf/nginx.conf -s stop

2.3 刷新配置

# nginx -c conf/nginx.conf -s reload

三 登陆验证

1 安装htpasswd

# yum install httpd-tools

2 添加用户密码

# htpasswd -c /data/nginx-1.14.2/passwd test
New password:
Re-type new password:
Adding password for user test

3 添加配置在server下

auth_basic "Please input user&password";

auth_basic_user_file /data/nginx-1.14.2/passwd;

4 刷新配置

# nginx -c conf/nginx.conf -s reload

效果如下：

http代理完整配置如下：

http {

include       mime.types;

default_type  application/octet-stream;

sendfile        on;

keepalive_timeout  65;

upstream test_backend {

ip_hash;

server 192.168.0.54:8080;

server 192.168.0.55:8080;

}

server {

listen       80;

server_name  localhost;

auth_basic "Please input user&password";

auth_basic_user_file /data/nginx-1.14.2/passwd;

location / {

proxy_pass http://test_backend;

}

}

}

stream代理完整配置如下：

stream {

upstream test_backend {

server $server1:21000;

server $server2:21000;

}

server {

listen 21000;

proxy_pass test_backend;

}

}

四 限制ip访问

server {

listen       80;

server_name  test.com.internal;

location / {

allow 192.168.0.0/24;

deny all;

proxy_pass http://test_backend;

}

}

限制只有192.168.0.*网段可以访问该接口

五 以目录形式访问

    location ^~ /dir {
        root   /dir;
        autoindex  on;
    }

使用module：ngx_http_autoindex_module