一、Nginx 服务基础

关于Nginx

• 一款高性能、轻量级Web服务软件
  • 稳定性高
  • 系统资源消耗低
  • 对HTTP并发连接的处理能力高
    • 单台物理服务器可支持30 000 ~ 50 000个并发请求

实验报告

资源列表

基础环境

• 关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

• 关闭内核安全机制

setenforce 0
sed -i "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

• 修改主机名

hostnamectl set-hostname nginx

一、编译安装Nginx

安装支持软件

yum -y install pcre-devel zlib-devel gcc++ gcc

创建运行用户、组

useradd -M -s /sbin/nologin nginx
# 不创建用户的主目录
# 指定用户的登录shell

二、源码编译及安装

1、解包

tar zxf nginx-1.12.0.tar.gz -C /usr/src/
cd /usr/src/nginx-1.12.0/

2、配置编译安装

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
# --prefix：指定将 httpd 服务程序安装到哪个目录下，如/usr/local/httpd
# --user=nginx：这个选项指定了运行 Nginx 进程的用户
# --group=nginx：这个选项指定了运行 Nginx 进程的用户组
# --with-http_stub_status_module：这个选项启用了 Nginx 的 HTTP stub_status 模块

make && make install

3、优化执行路径

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
ls -l /usr/local/sbin/nginx

三、Nginx 的运行控制

1、检查配置文件

[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

2、启动、停止 Nginx

[root@nginx nginx-1.12.0]# ls /usr/local/nginx/
conf  html  logs  sbin
[root@nginx nginx-1.12.0]# /usr/local/nginx/sbin/nginx         # 启动 Nginx 服务器
[root@nginx nginx-1.12.0]# ss -nlpt | grep 80
LISTEN     0      128          *:80                       *:*                   users:(("nginx",pid=12266,fd=6),("nginx",pid=12265,fd=6))
# 启动 Nginx 服务器之后打开浏览器访问 192.168.72.154
[root@nginx nginx-1.12.0]# /usr/local/nginx/sbin/nginx -s stop        # 停止 Nginx 服务器
[root@nginx nginx-1.12.0]# ss -nlpt | grep 80

3、添加 Nginx 系统服务

[root@nginx nginx-1.12.0]# vi /etc/init.d/nginx
[root@nginx nginx-1.12.0]# cat /etc/init.d/nginx
#!/bin/bash
# 必须在运行级2，3，4，5下被启动或关闭，启动的优先级是90，关闭的优先级是10
# 90是启动优先级，10是停止优先级，优先级范围是0－100，数字越大，优先级越低
#chkconfig: 2345 10 90
#description:Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
    start)
        $PROG
        ;;
    stop)
        kill -s QUIT $(cat $PIDF)
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    reload)
        kill -s HUP $(cat $PIDF)
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
esac
exit 0



chmod +x /etc/init.d/nginx
chkconfig --add nginx
systemctl status nginx

四、Nginx访问控制

1、访问状态统计

[root@nginx ~]# vi /usr/local/nginx/conf/nginx.conf
# 在 46 行 localhost 下添加以下内容
        location /status {
            stub_status on;
        }
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# systemctl start nginx

2、基于账号密码的访问控制

yum install -y httpd-tools
htpasswd -c /usr/local/nginx/passwd.db test
# 设置密码为123

# 更改权限为 400
chmod 400 /usr/local/nginx/passwd.db
chown nginx /usr/local/nginx/passwd.db
[root@nginx ~]# ll -d /usr/local/nginx/passwd.db
-r-------- 1 nginx root 43 7月  16 09:46 /usr/local/nginx/passwd.db

# 修改主配置文件 nginx.conf
[root@nginx ~]# vi /usr/local/nginx/conf/nginx.conf
# 在 47 行 localhost 里添加以下内容
    auth_basic "secret";   # 添加认证
    auth_basic_user_file /usr/local/nginx/passwd.db; # 指定认证的账户密码文件    

# 检测语法、重启服务
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# systemctl restart nginx
# 客户端浏览器访问 192.168.72.154/status

3、基于客户端的访问控制

# deny IP/IP 段：拒绝某个 IP 或 IP 段的客户端访问。
# allow IP/IP 段：允许某个 IP 或 IP 段的客户端访问。

# 修改主配置文件 nginx.conf
[root@nginx ~]# vi /usr/local/nginx/conf/nginx.conf
# 在 47 行 localhost 里添加以下内容
    deny 192.168.72.1;
    allow all;         

# 检测语法、重启服务
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# systemctl restart nginx
# 客户端浏览器访问 192.168.72.154/status 已经访问不到了
# 在本机访问
[root@nginx ~]# curl 192.168.72.154/status
Active connections: 1 
server accepts handled requests
 5 5 7 
Reading: 0 Writing: 1 Waiting: 0 

五、Nginx 虚拟主机

1、基于域名的虚拟主机

# 修改主配置文件 nginx.conf
[root@nginx ~]# vi /usr/local/nginx/conf/nginx.conf
# 在 33 行 #gizp on; 下里添加以下内容
    server {
        listen       80;
        server_name  www.kgc01.com;
        location / {
            root   html/kgc01;
            index  index.html index.htm;
        }

    }
    server {
        listen       80;
        server_name  www.kgc02.com;
        location / {
            root   html/kgc02;
            index  index.html index.htm;
        }

    }
[root@nginx ~]# ls /usr/local/nginx/html/
50x.html  index.html
[root@nginx ~]# mkdir /usr/local/nginx/html/kgc01
[root@nginx ~]# mkdir /usr/local/nginx/html/kgc02
[root@nginx ~]# echo 'This is kgc01' > /usr/local/nginx/html/kgc01/index.html
[root@nginx ~]# echo 'This is kgc02' > /usr/local/nginx/html/kgc02/index.html

# 检测语法、重启服务 
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# systemctl restart nginx

# 添加 hosts 映射
[root@nginx ~]# vi /etc/hosts
[root@nginx ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.72.154 www.kgc01.com www.kgc02.com

[root@nginx ~]# curl www.kgc01.com
This is kgc01
[root@nginx ~]# curl www.kgc02.com
This is kgc02

2、基于 IP 的虚拟主机

[root@nginx ~]# ifconfig ens33

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.72.154  netmask 255.255.255.0  broadcast 192.168.72.255
        inet6 fe80::a0df:8b6:704a:2632  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c9:ff:b1  txqueuelen 1000  (Ethernet)
        RX packets 64702  bytes 85119679 (81.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10465  bytes 1088462 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


[root@nginx ~]# ifconfig ens33:0 192.168.72.110


[root@nginx ~]# ifconfig ens33:0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.72.110  netmask 255.255.255.0  broadcast 192.168.72.255
        ether 00:0c:29:c9:ff:b1  txqueuelen 1000  (Ethernet)
                  

# 修改主配置文件 nginx.conf
[root@nginx ~]# vi /usr/local/nginx/conf/nginx.conf
# 在 33 行 #gizp on; 下里添加以下内容
    server {
        listen       192.168.72.154;
        server_name  192.168.72.154;
        location / {
            root   html/kgc01;
            index  index.html index.htm;
        }

    }
    server {
        listen       192.168.72.110;
        server_name  192.168.72.110;
        location / {
            root   html/kgc02;
            index  index.html index.htm;
        }

    }
                   
# 检测语法、重启服务 
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# systemctl restart nginx
[root@nginx ~]# curl 192.168.72.154
This is kgc01
[root@nginx ~]# curl 192.168.72.110
This is kgc02

3、基于端口的虚拟主机

# 修改主配置文件 nginx.conf
[root@nginx ~]# vi /usr/local/nginx/conf/nginx.conf
# 在 33 行 #gizp on; 下里添加以下内容
    server {
        listen       192.168.72.154:81;
        server_name  192.168.72.154:81;
        location / {
            root   html/kgc01;
            index  index.html index.htm;
        }

    }
    server {
        listen       192.168.72.110:82;
        server_name  192.168.72.110:82;
        location / {
            root   html/kgc02;
            index  index.html index.htm;
        }

    }


# 检测语法、重启服务 
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# systemctl restart nginx
[root@nginx ~]# curl 192.168.72.154:81
This is kgc01
[root@nginx ~]# curl 192.168.72.110:82
This is kgc02