二、

1、编译安装nginx

1)采用yum安装pcre:

yum install pcre pcre-devel -y

rpm -qa pcre pcre-devel

nginx安全优化,

2)检测安装依赖包:

rpm -qa openssl openssl-devel


安装openssl openssl-devel:

yum install -y openssl openssl-devel

nginx是什么,

3)开始安装nginx:

mkdir -p /application/server

cd /application/server

wget -q http://nginx.org/download/nginx-1.6.3.tar.gz

ls -l nginx-1.6.3.tar.gz

nginx优化有哪些?useradd nginx -s /sbin/nologin -M

tar zxvf nginx-1.6.3.tar.gz 

cd nginx-1.6.3

 ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module

make

make install

nginx终极优化。

设置软链接:

ln -s /application/nginx-1.6.3 /application/nginx


ll /application | grep nginx

ls -l /application/nginx

linux nginx安装,

可使用./configure --help查看相关参数帮助:

--prefix=PATH                                 #设置安装路径

--user=USER                                   #设置用户权限

--group=GROUP                                 #设置用户组权限

--with-http_stub_status_module                #设置状态信息

nginx搭建,--with-http_ssl_module                        #激活SSL功能


检测配置文件语法:

/application/nginx/sbin/nginx -t

启动nginx命令:

/application/nginx/sbin/nginx

nginx首页。

检测启动是否成功:

lsof -i :80 

COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

nginx   42008  root    6u  IPv4  83250      0t0  TCP *:http (LISTEN)

nginx   42009 nginx    6u  IPv4  83250      0t0  TCP *:http (LISTEN)

nginx开启伪静态,或

netstat -lnt | grep 80

tcp        0      0 0.0.0.0:80                  0.0.0.0:*   LISTEN

wget -T 2 --tries=1 --spider 127.0.0.1

nginx使用教程,curl -s 127.0.0.1

curl -I 127.0.0.1


查看nginx编译参数:

[root@www nginx-1.6.3]# /application/nginx/sbin/nginx -V

nginx version: nginx/1.6.3

linux nginx 启动?built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) 

TLS SNI support enabled

configure arguments: --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module


关闭selinux:

setenforce 0

nodejs nginx,getenforce


关闭防火墙:

service iptables stop

service iptables status  (查看运行状态)


nginx性能优化?查看站点目录:

grep html /application/nginx/conf/nginx.conf


查看nginx目录结构:

tree /application/nginx


nginx性能调优,实时查看网站用户访问:

tail -f /application/nginx/logs/access.log 

查看错误信息:

tail /application/nginx/logs/error.log 

查看进程ID号:

tail /application/nginx/logs/nginx.pid


输出配置文件去掉#和空行的内容

egrep -v "#|^$" /application/nginx/conf/nginx.conf

wKiom1l4X7jQTFUtAADMRU430j0096.png-wh_50



基于域名和端口、IP的虚拟主机配置:

    server {

        listen       80;

        server_name  etiantian.org;

        location / {

            root   html/www;

            index  index.html index.htm;

        }

    } 


    server {

        listen       81;

        server_name  etiantian.org;

        location / {

            root   html/bbs;

            index  index.html index.htm;

        }

    }


    server {

        listen       192.168.254.120:83;

        server_name  blog.etiantian.org;

        location / {

            root   html/blog;

            index  index.html index.htm;

        }



检测配置文件语法:

/application/nginx/sbin/nginx -t


重新加载配置文件:

/application/nginx/sbin/nginx -s reload


二)常用功能配置实战

优化规范配置文件:

cd /application/nginx/conf

mkdir extra

sed -n '10,17p' /application/nginx/conf/nginx.conf >extra/www.conf

sed -n '18,25p' /application/nginx/conf/nginx.conf >extra/bbs.conf

sed -n '26,33p' /application/nginx/conf/nginx.conf >extra/bbs.conf

sed -i '10,33d' nginx.conf                  #删除主配置文件里的虚拟主机配置


在nginx.conf里include加上虚拟主机配置:

[root@www conf]# cat nginx.conf

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

 include extra/www.conf;

 include extra/bbs.conf;

 include extra/blog.conf;

}


nginx虚拟主机别名设置:

        server_name  www.etiantian.org etiantian.org;

测试需要在host文件加上etiantian.org 


配置nginx status:

vi /application/nginx/conf/extra/status.conf

    server {

        listen       80;

        server_name  status.etiantian.org;

        location / {

          stub_status on;

          access_log off

}

    }


在nginx.conf文件加上:

 include extra/status.conf;


#测试需要在host文件加上status.etiantian.org


配置错误日志:

error_log   logs/error.log;


访问日志配置:

[root@www logs]# sed -n '21,23 s/#//gp' /application/nginx/conf/nginx.conf.default  

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

把上述内容放到nginx.conf的http标签的首部,如下:


[root@www logs]# cat  ../conf/nginx.conf 

worker_processes  1;

error_log   logs/error.log;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile        on;

    keepalive_timeout  65;

 include extra/www.conf;

 include extra/bbs.conf;

 include extra/blog.conf;

 include extra/status.conf;

}



然后在每个虚拟主机里进行配置,使其使用上述格式记录用户访问日志:

[root@www conf]# cat extra/www.conf 

    server {

        listen       80;

        server_name  www.etiantian.org etiantian.org;

        location / {

            root   html/www;

            index  index.html index.htm;

        }

        access_log logs/access_www.log main;      #配置访问记录

    } 



查看访问记录:

[root@www conf]# tail -5  /application/nginx/logs/access_www.log

192.168.254.31 - - [20/Jul/2016:22:36:47 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.2)" "-"


在记录日志参数中加上buffer和flush选项,可以在高并发场景下提高网站访问性能:

 access_log logs/access_www.log main gzip buffer=32k flush=5s;



nginx访问认证:

在需要的虚拟主机server标签里增加

auth_basic                           #密码提示

auth_basic_user_file                 #用户密码存放文件


    server {

        listen       80;

        server_name  www.etiantian.org etiantian.org;

        location / {

            root   html/www;

            index  index.html index.htm;

            auth_basic  "password is 123456"

            auth_basic_uer_file /application/nginx/conf/htpasswd;

        }

#        access_log logs/access_www.log main;

         access_log logs/access_www.log main gzip buffer=32k flush=5s;

    }


yum install httpd -y

[root@www ~]# which htpasswd      

/usr/bin/htpasswd


创建账号密码:

[root@www ~]# htpasswd -bc /application/nginx/conf/htpasswd long 123456

Adding password for user long


[root@www ~]# chmod 400 /application/nginx/conf/htpasswd

[root@www ~]# chown nginx /application/nginx/conf/htpasswd

[root@www ~]# cat /application/nginx/conf/htpasswd

long:RXW3skaY5c3rU                             #加密的


重新加载nginx是配置生效

/application/nginx/sbin/nginx -t 

/application/nginx/sbin/nginx -s reload


配置找不到首页文件时,展示目录结构: outoindex on;(一般不要用,除非有需求):

[root@www ~]# cat /application/nginx/conf/extra/blog.conf

    server {

        listen       192.168.254.120:83;

        server_name  blog.etiantian.org;

        location / {

            root   html/blog;

            index  index.html index.htm;

#           outoindex on;

        }

        access_log logs/access_blog.log main;

}


在配置文件设置allow、deny权限控制:

[root@www ~]# cat /application/nginx/conf/extra/blog.conf

    server {

        listen       192.168.254.120:83;

        server_name  blog.etiantian.org;

        location / {

            root   html/blog;

            index  index.html index.htm;

#           outoindex on;

            allow 192.168.254.0/24;

            deny all;


        }

        access_log logs/access_blog.log main;

}


查看nginx并发:

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

TIME_WAIT 1

ESTABLISHED 1       #当前连接数

CLOSING 1

LAST_ACK 2