Shulou(Shulou.com)06/03 Report--

Blog structure

Nginx introduction

Core features of Nginx

Nginx smooth upgrade

Modify Nginx version information

Nginx virtual host configuration

The role of the nginx profile location option

Configure https to access nginx

Enable Nginx access authentication

I. introduction to nginx

Nginx is a lightweight web server, reverse proxy server and e-mail proxy server. It is known for its stability, rich feature set, instance configuration files, and low system resource consumption.

Nginx is already running on the largest web portal in Russia, while more than 20% of the virtual hosting platforms in Russia use Nginx as the reverse proxy server; in China, Nginx has run on Taobao, Sina, NetEase and other websites using Nginx as the Web server or reverse proxy server.

Core features of nginx (1) Cross-platform: Nginx can be compiled and run in most OS, and there is also a version of Windows that is extremely simple to configure: very easy to start (3) non-blocking, high concurrency connections: the official test can support 50,000 concurrent connections, running to 20,000 and 30,000 concurrent connections in the actual production environment. (this benefits from Nginx using the latest epoll model) (4) event-driven: using the epoll model to support larger concurrent connections (5) Master/Worker structure: a master process that generates one or more worker processes

(6) small memory consumption: very small memory consumption for processing large concurrent requests. Under 30,000 concurrent connections, 10 Nginx processes open consume only 150m of memory (15Mx10=150M) (7) built-in health check function: if a Web server at the back end of the Nginx agent goes down, the front-end access will not be affected. (8) bandwidth saving: GZIP compression is supported, and Header headers cached locally by the browser can be added. (9) High stability: for reverse proxy, the probability of downtime is slightly lower than that of micro-3.nginx smooth upgrade (case)

Download the software package

[root@localhost] # yum-y install pcre-devel openssl-devel [root@localhost ~] # tar zxf nginx-1.14.0.tar.gz [root@localhost ~] # tar zxf nginx-1.2.4.tar.gz [root@localhost nginx-1.14.0] #. / configure-- prefix=/usr/local/nginx-- with-http_ssl_module & & make & & make install [root@localhost nginx-1.14.0] # ln-s / usr/local/ Nginx/sbin/nginx / usr/local/sbin/ [root@localhost nginx-1.14.0] # nginx [root@localhost nginx-1.14.0] # useradd nginx- s / sbin/nologin-M [root@localhost nginx-1.2.4] # cd nginx-1.2.4/ [root@localhost nginx-1.2.4] #. / configure-- prefix=/usr/local/nginx-- with-http_ssl_module & & make [root@localhost nginx-1.2.4 ] # mv / usr/local/nginx/sbin/nginx / usr/local/nginx/sbin/nginx.old [root@localhost nginx-1.2.4] # cp objs/nginx / usr/local/nginx/sbin/ [root@localhost nginx-1.2.4] # netstat-anpt | grep nginxtcp 00 0.0.0.0 usr/local/nginx/sbin/nginx.old 80 0.0.0.0: LISTEN 17739/nginx: master [root@localhost nginx- 1.2.4] # kill-USR2 17739 [root@localhost nginx-1.2.4] # nginx- s reload [root@localhost ~] # kill-QUIT 17739 / smoothly close the older nginx process [root@localhost nginx-1.2.4] # nginx- V\\ View version nginx version: nginx/1.2.4built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) TLS SNI support enabledconfigure Arguments:-- prefix=/usr/local/nginx-- with-http_ssl_module about nginx using the kill command commonly used parameters: QUIT smooth shutdown HUP smooth restart Reload the configuration file USR1 reopen the log file USR2 smooth upgrade executable WINCH smoothly close the work process IV. Modify nginx version information [root@localhost ~] # vim / usr/src/nginx-1.2.4/src/core//nginx.h... / / omit part of the content # define nginx_version 1002004#define NGINX_VERSION "8.8.8.8" / / modify it to the information you want according to the actual situation # define NGINX_VER "xws/" NGINX_VERSION / / ditto Pay attention to the modified lzj [root@localhost ~] # vim / usr/src/nginx-1.2.4/src/http/ngx_http_header_filter_module.c... / / omit part of the content static char ngx_http_server_string [] = "Server: xws" CRLF; / / same as the modified name in the previous file (lzj) static char ngx_http_server_full_string [] = "Server:" NGINX_VER CRLF; [root@localhost ~] # vim / usr/src/nginx-1.2.4/src/http/ngx_http_special_response.c... / / omit part of the content static u_char ngx_http_error_tail [] = "xws" CRLF / / pay attention to be consistent with the modified lzj in the previous two files "" CRLF "" CRLF [root@localhost] # cd / usr/src/nginx-1.2.4/ [root@localhost nginx-1.2.4] #. / configure-- prefix=/usr/local/nginx-- with-http_ssl_module & & make [root@localhost ~] # mv / usr/local/nginx/sbin/nginx / usr/local/nginx/sbin/nginx.bak [root@localhost ~] # cp / usr/src/nginx-1.2.4/objs/nginx / usr/local/nginx/ Sbin/ [root@localhost ~] # nginx-s stop / / stop the nginx service [root@localhost] # nginx / / enable the nginx service [root@localhost ~] # curl-I 127.0.0.1HTTP/1.1 200 OKServer: xws/8.8.8.8 / / View version information Date: Sat 30 Nov 2019 15:06:32 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Sat, 30 Nov 2019 14:42:09 GMTConnection: keep-aliveAccept-Ranges: bytes five. Implement nginx virtual host (same ip for different domain names) [root@localhost ~] # vim / usr/local/nginx/conf/nginx.conf\\ add the following http {include mime.types; default_type application/octet-stream; server {\\ to add listen 80; server_name www.accp.com; location / {root / accp to the http Index index.html index.htm;}} server {listen 80; server_name www.bdqn.com; location / {root / bdqn; index index.html index.htm } [root@localhost ~] # mkdir / bdqn [root@localhost ~] # mkdir / accp [root@localhost ~] # vim / bdqn/index.htmlwww.bdqn.com [root@localhost ~] # vim / accp/index.htmlwww.accp.com [root@localhost ~] # nginx-s reload [root@localhost ~] # vim / etc/hosts192.168.148.130 www.bdqn.com192.168.148.130 www.accp.com [ Root@localhost ~] # curl www.bdqn.comwww.dbqn.com [root@localhost ~] # curl www.accp.comwww.accp.com6.nginx configuration file the role of the location option (case) the difference between alias and root root: the actual accessed file will be spliced with the path of URL: the path of the actual accessed file will not be spliced using root [root @ localhost /] # vim / usr/local/nginx/conf/nginx.conflocation ^ ~ / www {root / var/www/html / / when accessing 192.168.148.130/www/, look for the file index index.html index.htm; in the www directory under / var/www/html} [root@localhost /] # mkdir-p / var/www/html/www/ [root@localhost /] # vim / var/www/html/www/index.htmlwww [root@localhost /] # nginx-s reload

The visit is as follows:

Use alias [root @ localhost /] # vim / usr/local/nginx/conf/nginx.conflocation ^ ~ / test {alias / var/www/html;\\ to find the web page file index index.html index.htm;} [root@localhost /] # vim / var/www/html/index.htmltest [root@localhost /] # nginx-s reload under / var/www/html

The visit is as follows:

When matching the specified suffix, redirect to the specified file [root@localhost /] # vim / usr/local/nginx/conf/nginx.conf location ~ *\. (gif | jpg | jpeg | png | css | js | ico) ${root/ webroot/res/;\\ when you visit the page at the end of the above content, you will find the file index index.html index.htm in the / / webroot/res path. } [root@localhost /] # mkdir / webroot/res-p [root@localhost /] # mv uplink 3485698722\, 1702346544\ & fm\ = 26\ & gp\ = 0.jpg / webroot/res/a.png [root@localhost /] # ls / webroot/resa.png [root@localhost /] # nginx-s reload access is as follows:

[root@localhost /] # vim / usr/local/nginx/conf/nginx.conf location ~ *. (gif | jpg | jpeg | png | css | js | ico) ${\ this is added to the above command, otherwise it is not easy to report an error rewrite. (gif | jpg) / error.png } [root@localhost /] # mv xxx.jfif / usr/local/nginx/html/error.png [root@localhost /] # ls / usr/local/nginx/html/ [root@localhost /] # nginx-s reload visit as follows:

seven。 Configure https to access nginx

Enable the https function of nginx. If you need to compile, add an option-- with-http_ ssl module

The difference between http and https

Ht tp uses a port number of 80 and clear text for data transmission

Https uses port 443 and uses ciphertext for data transmission. Ca digital signature is required to complete [root@localhost ca] # mkdir / usr/local/nginx/ca [root@localhost ca] # cd / usr/local/nginx/ca/ [root@localhost ca] # openssl genrsa-out ca.key 4096\\ to fill in Generating RSA private key casually. 4096 bit long modulus..++...++e is 65537 (0x10001) [root@localhost ca] # openssl req-new-x509-days 7304-key ca.key-out ca.crtYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter Is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value If you enter'.', the field will be left blank.-Country Name (2 letter code) [XX]: aaState or Province Name (full name) []: ccLocality Name (eg, city) [Default City]: vvOrganization Name (eg, company) [Default Company Ltd]: asOrganizational Unit Name (eg, section) []: dfCommon Name (eg) Your name or your server's hostname) []: ffEmail Address []: asd [root@localhost ca] # lsca.crt ca.key [root@localhost ca] # nginx-s stop [root@localhost ca] # nginx [root@localhost ca] # vim / usr/local/nginx/conf/nginx.conf server {\\ the original server is added as follows: listen 443 ssl Server_name localhost; ssl_certificate / usr/local/nginx/ca/ca.crt;\\ path for certificate storage ssl_certificate_key / usr/local/nginx/ca/ca.key;\\ key storage path ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; access_log / usr/local/nginx/logs/https-access.log The visit is as follows:

Turn on authentication

Nginx uses http2 version, which requires nginx version above 1. 10. You need to add a compilation option-- with-http v2 module-- when installing

Http2.0 version can only be used on https. Modify-step configuration file listen 443 ssl http2

So before this, you need to recompile nginx [root@localhost nginx-1.14.0] # cd nginx-1.14.0/ [root@localhost nginx-1.14.0] #. / configure-- prefix=/usr/local/nginx-- with-http_ssl_module-- with-http_v2_ module [root @ localhost nginx-1.14.0] # make// to open the nginx authentication page, you need to use the htpasswd command to generate user information [root@localhost /] # yum-y install httpd-tools [root@localhost ~] # htpasswd-c / usr/local/nginx/.passwd xwsNew password: Re-type new password: Adding password for user xws// user authentication information storage path is / usr/local/nginx/.passwd// to add a second user to .pas swd The "- c" option needs to be omitted, otherwise all previous users will be overwritten. [root@localhost] # vim / usr/local/nginx/conf/nginx.conf. / / omit part of the content location / {root html; index index.html index.htm; auth_basic "Please enter login account"; / / add prompt statement auth_basic_user_file / usr/local/nginx/.passwd; / / path for storing authentication information}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.