Shulou(Shulou.com)06/02 Report--

Nginx status Page

Based on the ngx_http_auth_basic_module implementation of the nginx module, you need to add the compilation parameter-with-http_stub_status_module when compiling and installing nginx, otherwise monitoring will prompt syntax errors after the configuration is completed.

Check whether the ngx_http_auth_basic_module module [root@CentOS7] # / apps/nginx/sbin/nginx-Vnginx version: nginx/1.14.2built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017TLS SNI support enabledconfigure arguments:-- prefix=/apps/nginx-- user=nginx-- group=nginx-- with-http_ssl_module-- with-http_v2_module-- with -http_realip_module-- with-http_stub_status_module-- with-http_gzip_static_module-- with-pcre-- with-stream-- with-stream_ssl_module-- with-stream_realip_module-- with-http_perl_ module [root @ CentOS7 ~] # vim / apps/nginx/conf/nginx.conf location / nginx_status {stub_status Allow 192.168.36.0 reload 24; deny all;} [root@CentOS7 ~] # / apps/nginx/sbin/nginx-s reload

Access test

[root@CentOS-Test ~] # curl 192.168.36.104/nginx_statusActive connections: 1server accepts handled requests 124 124 223 # these three numbers correspond to the three values of accepts,handled,requests Reading: 0 Writing: 1 Waiting: 0Active connections: the number of client connections that are currently active, including the number of connections waiting for idle connections. Accepts: the total value, the total number of client requests accepted by Nginx since it was started. Handled: total value, the total number of client requests processed by Nginx since startup, which is usually equal to accepts, unless there are connections that have been rejected due to worker_connections restrictions. Requests: the total value, the total number of requests sent by the client since Nginx was started. Reading: the current state, the number of connections that are reading the header of the client request message. Writing: the current state, the number of connections in the process of sending a response message to the client. Waiting: current status, the number of idle connections waiting for a request from the client When keep-alive is enabled, this value is equal to active-(reading+writing) Nginx third-party module adds third-party module: echo-nginx-module [root@CentOS7 ~] # yum install git-y [root@CentOS7 ~] # git clone https://github.com/openresty/echo-nginx-module.git[root@CentOS7 ~] # cd nginx-1.14.2/ [root@CentOS7 nginx-1.14.2] #. / configure\ # recompile and install >-- prefix=/apps/nginx\ >-- user=nginx-- group=nginx\ >-- with -http_ssl_module\ >-- with-http_v2_module\ >-- with-http_realip_module\ >-- with-http_stub_status_module\ >-- with-http_gzip_static_module\ >-- with-pcre\ >-- with-stream\ >-- with-stream_ssl_module\ >-- with-stream_realip_module\ >-- with-http_perl_module\ >-- add Add echo module [root@CentOS7 nginx-1.14.2] # make & & make install # make to install [root@CentOS7 ~] # vim / apps/nginx/conf.d/pc.conf [root@CentOS7 ~] # cat / apps/nginx/conf.d/pc.confserver {listen 80 Server_name www.darius.com; error_log logs/www_darius_com_error.log; access_log logs/www_darius_com_access.log; location / main {index index.html; default_type text/html; echo_reset_timer; echo_location / sub1; echo_location / sub2; echo "took $echo_timer_elapsed sec for total.";} location / sub1 {echo_sleep 1; echo sub1 } location / sub2 {echo_sleep 1; echo sub2;}} [root@CentOS7 ~] # / apps/nginx/sbin/nginx-tnginx: the configuration file / apps/nginx/conf/nginx.conf syntax is oknginx: configuration file / apps/nginx/conf/nginx.conf test is successful [root@CentOS7 ~] # / apps/nginx/sbin/nginx-s reload

Access test

[root@CentOS7 ~] # curl www.darius.com/mainsub1sub2took 2.008 sec for total.Nginx variable is used

Variables of nginx can be referenced in configuration files and used as scenarios such as functional judgment or logs. Variables can be divided into built-in variables and custom variables, which are included in the nginx module. A large number of values related to client access can be obtained through variables.

The built-in variable $remote_addr; stores the address of the client. Note that the public network IP of the client, that is, a website visited by a family, will be displayed as the public network IP of the router. The $args; variable stores the instructions in URL, such as id=20190221&partner=search$document_root; in http://www.darius.com/main/index.do?id=20190221&partner=search, which stores the system root directory of requests for the current resource, such as / apps/nginx/htm$document_uri Save the URI that does not contain instructions in the current request, note that it does not contain the requested instructions, for example, http://www.darius.com/main/index.do?id=20190221&partner=search will be defined as / main/index.do$host;# holds the host name of the request. Details of the $http_user_agent; client browser $http_cookie; client cookie information limit_rate 10240 X echo $limit_rate; if the nginx server is configured to display the network rate using limit_rate, it will be displayed, if not set, the port that the 0 $remote_port; client requests the Nginx server to open at random, which is each client's own port $remote_user; user name $request_body_file that has been verified by Auth Basic Module The name of the local resource sent to the backend server when doing the reverse proxy $request_method; method of requesting the resource, the path name of the resource file currently requested by $request_filename;, such as GET/PUT/DELETE, and the absolute path of the file generated by the root or alias directive and the URI request, such as / apps/nginx/html/main/index.html$request_uri; contains the original URI of the request parameters, does not include the hostname, such as: / main/index.do?id=20190221&partner=search$scheme The requested protocol, such as ftp,https,http, $server_protocol;, etc., saves the version of the protocol used by the client to request resources, and $server_addr;, such as HTTP/1.0,HTTP/1.1,HTTP/2.0, saves the IP address of the server, the hostname of the server requested by server_name;, $server_port. The custom variable of the port number of the requested server if you need to customize the variable name and value, use the instruction set $variable value;, as follows: set $name magedu;echo $name;set $my_port $server_port;echo $my_port;echo "$server_name:$server_port"; example 1, view the Nginx built-in variable [root@CentOS7 ~] # vim / apps/nginx/conf.d/pc.conf [root@CentOS7 ~] # cat / apps/nginx/conf.d/pc.confserver {listen 80 Server_name www.darius.com; error_log logs/www_darius_com_error.log; access_log logs/www_darius_com_access.log; location / main {index index.html; default_type text/html; echo $request_uri }} [root@CentOS7 ~] # / apps/nginx/sbin/nginx-s reload [root@CentOS7 ~] # curl www.darius.com/main/main [root@CentOS7 ~] # curl www.darius.com/main/xxx/main/xxx2, view the Nginx custom variable [root@CentOS7 ~] # vim / apps/nginx/conf.d/pc.conf [root@CentOS7 ~] # cat / apps/nginx/conf.d/pc.confserver {listen 80; server_name www.darius.com Error_log logs/www_darius_com_error.log; access_log logs/www_darius_com_access.log; location / main {index index.html; default_type text/html; set $name Darius; echo $name;} [root@CentOS7 ~] # / apps/nginx/sbin/nginx-s reload [root@CentOS7 ~] # curl www.darius.com/mainDarius Custom Nginx access Log

The access log records the specific request content information of the client, that is, the user. The error_log in the global configuration module records the log saving path when the nginx server is running and the level that records the log, so there is an essential difference. And there is generally only one error log in Nginx, but multiple access logs can be defined in different server. To define a log, you need to use access_log to specify the storage path of the log. Use log_format to specify the format of the log, which defines the specific log contents to be saved.

Default log format log_format main'$remote_addr-$remote_user [$time_local] "$request"'$status $body_bytes_sent "$http_referer"'"$http_user_agent"$http_x_forwarded_for"; access_log logs/access.log main Custom json format log [root@CentOS7 ~] # vim / apps/nginx/conf/nginx.conf log_format access_json'{"@ timestamp": "$time_iso8601",''"host": "$server_addr",''"clientip": "$remote_addr",''"size": $body_bytes_sent '' "responsetime": $request_time,''"upstreamtime": "$upstream_response_time", "upstreamhost": "$upstream_addr", "http_host": "$host",''"uri": "$uri" '' "domain": "$host", "xff": "$http_x_forwarded_for", "referer": "$http_referer",''"tcp_xff": "$proxy_protocol_addr" '' "http_user_agent": "$http_user_agent", "status": "$status"}' Access_log / apps/nginx/logs/access_json.log access_json Reload nginx and access the test log format [root@CentOS7 ~] # / apps/nginx/sbin/nginx-s reload [root@CentOS7 ~] # tail-f / apps/nginx/logs/access_json.log {"@ timestamp": "2019-05-30T18:58:23+08:00", "host": "192.168.36.104", "clientip": "192.168.36.110", "size": 15, "responsetime": 0.000, "upstreamtime": "-", "upstreamhost": "-" "http_host": "192.168.36.104", "uri": "/ index.html", "domain": "192.168.36.104", "xff": "-", "referer": "-", "tcp_xff": "," http_user_agent ":" curl/7.29.0 " "status": "200"} python implements log access statistics in json format [root@CentOS7 logs] # cat nginxaccounjson.pyknobins Env python#coding:utf-8status_200= [] status_404= [] with open (" access_json.log ") as f: for line in f.readlines (): line = eval (line) if line.get (" status ") = =" 200 ": status_200 .append (line.get) elif line.get ("status") = = "404": status_404.append (line.get) else: print ("status code ERROR") f.close () print "status code 200has--:" Len (status_200) print "status code 404 has--:", len (status_404) saves the log file to the specified path and tests: [root@CentOS7 ~] # python nginx_json.py.... Status code 200has--: 403428 status code 404has 125712Nginx compression function

Nginx supports compression of specified types of files and then transferring them to the client, and the compression ratio can be set so that the compressed file size is significantly smaller than that of the source file, which helps to reduce the utilization of egress bandwidth and reduce the enterprise's IT expenditure, but it will take up corresponding CPU resources. Nginx's file compression function depends on the module ngx_http_gzip_module

Enable or disable gzip compression, disable gzip on by default | off; compression ratio from low to high from 1 to 9, default is 1gzip_comp_level level; disable IE6 gzip function gzip_disable "MSIE [1-6]\."; the minimum file compressed by gzip, files smaller than the set value will not be compressed gzip_min_length 1k; when compression is enabled, the minimum version of the protocol, default HTTP/1.1gzip_http_version 1.0 | 1.1 Specify the number * size of cache space that the Nginx service needs to request from the server. The default is 324k | 168 kb _ buffers number size; indicates only the types of resources for which compression operations are performed. The default is gzip_types text/html, and the specified value is not displayed, otherwise there will be an error gzip_types mime-type. If compression is enabled, whether to insert "Vary: Accept-Encoding" gzip_vary on in the header of the response message | off

Profile modification

Gzip on; gzip_comp_level 5; gzip_min_length 1; gzip_types text/plain application/javascript application/x-javascript text/cssapplication/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; gzip_vary on [root@CentOS7] # / apps/nginx/sbin/nginx-tnginx: the configuration file / apps/nginx/conf/nginx.conf syntax is oknginx: configuration file / apps/nginx/conf/nginx.conf test is successful [root@CentOS7 ~] # / apps/nginx/sbin/nginx-s reload

Access test

[root@CentOS-Test] # curl-- head-- compressed http://www.darius.com/test1.htmlHTTP/1.1 200 OKServer: nginxDate: Thu, 30 May 2019 11:26:49 GMTContent-Type: text/htmlLast-Modified: Thu, 30 May 2019 11:26:31 GMTConnection: keep-aliveVary: Accept-EncodingETag: W / "5cefbde7-720" Content-Encoding: gzipHTTPS function

The login pages of Web websites are encrypted and transmitted using https, encrypting data to ensure the security of data, and HTTPS can encrypt information to prevent sensitive information from being obtained by third parties, so many bank websites or e-mail boxes and other services with a higher level of security will use HTTPS protocol. HTTPS is actually composed of two parts: HTTP + SSL / TLS, that is, adding a layer of module to deal with encrypted information on HTTP. The information transmission between the server and the client will be encrypted through TLS, so the data transmitted is encrypted.

Https implementation process

1. The client initiates a HTTPS request:

The client accesses the https address of a web end, which is usually port 443.

two。 Server configuration:

Servers that adopt the https protocol must have a set of certificates, which can be applied through some organizations or made by themselves. At present, many domestic websites do it by themselves. When you visit a website, it indicates that the certificate cannot be trusted, which means that the certificate is made by yourself. The certificate is a public key and a private key, just like a lock and key. Normally, only your key can open your lock. You can give this to someone to lock a box full of money or secrets. Other people don't know what's in it and no one else can open it. Only your key can be opened.

3. Transfer Certificate:

The server passes the certificate to the client, which is actually the public key, which contains a lot of information, such as the authority of the certificate, the expiration time, and so on.

4. Client resolution certificate:

This part of the work is done by the client. First, verify the validity of the public key, such as the authority, the expiration time, and so on. If an exception is found, a warning box will pop up to indicate that there may be a problem with the certificate. If there is no problem with the certificate, generate a random value, and then encrypt the random value with the certificate, as described in step 2. Lock up the random value so that no one can see it.

5. Transfer 4-step encrypted data:

Is to pass the random value encrypted with the certificate to the server, the purpose is to let the server get this random value, and then the communication between the client and the server can be encrypted and decrypted through this random value.

6. Server decrypts information:

After the server decrypts the random value after five-step encryption with the private key, it gets the random value (private key) from the client, and then encrypts the content symmetrically through this value, which is a mixture of information and private key through the algorithm. in this way, unless you know the private key, it is impossible to get its internal content, and it happens that both the client and the server know the private key. So as long as the secret algorithm is complex enough, the security of the data can be guaranteed.

7. Transmit encrypted information:

The server will pass the encrypted data with the private key to the client, where the original data can be restored.

8. Client decrypts information:

The client uses the previously generated private key to decrypt the data passed by the server, because the data is always encrypted, so even if the third party obtains the data, it cannot know its details.

Ssl configuration parameters

The https function of nginx is based on the module ngx_http_ssl_module, so if you are compiling and installing nginx, you need to use the parameter ngx_http_ssl_module to enable the ssl function, but as the core function of nginx, nginx installed by yum is enabled by default, and nginx for compilation and installation needs to specify the compilation parameter-- with-http_ssl_module enabled.

Ssl on | whether ssl is enabled for the specified virtual host configuration. This feature is deprecated in 1.15.0 and replaced by listen [ssl]. Ssl_certificate / path/to/file; the public key file used by the current virtual host is generally the crt file ssl_certificate_key / path/to/file; private key file used by the current virtual host, and it is generally the key file ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2] Supports ssl protocol version, previously ssl and now TSL. Default is the last three ssl_session_cache off | none | [builtin [: size]] [shared:name:size] Configure ssl cache off: disable cache none: notify the client that ssl session cache is supported, but not builtin [: size]: use OpenSSL built-in cache to be private for each worker process [shared:name:size]: use a shared cache between worker. You need to define a cache name and cache space size. 4000 session information can be stored in one megabyte, and multiple virtual hosts can use the same cache name. Ssl_session_timeout time # client connections can reuse the valid duration of the cache in ssl session cache Default 5m self-signed certificate creation self-signed CA certificate [root@CentOS7] # cd / apps/nginx/ [root@CentOS7 nginx] # mkdir certs [root@CentOS7 nginx] # cd certs/ [root@CentOS7 certs] # openssl req-newkey rsa:4096-nodes-sha256-keyout ca.key-x509-days 3650-out ca.crt # self-signed CA certificate Generating a 4096 bit RSA private key. . . . +. .. + + writing new prvate key to 'ca.key'-You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name ora DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value Lf you enter'.', the field will be left blamk-Country Name (2 letter code) [XX]: CN # country Code State or Province Name (full name) []: BeiJing # Provincial Locality Name (eg, city) [Default City]: BeiJing # City name Organization Name (eg, company) [Default Company Ltd]: magedu.com # Company name Organizational Unit Name (eg, section) []: magedu # Department Common Name (eg Your name or your server's hostname) []: M36 # Common name Email Address []: # mailbox [root@CentOS7 certs] # ll ca.crt-rw-r--r-- 1 root root May 30, 2009 19:34 ca.crt creates a custom key and csr file [root@CentOS7 certs] # openssl req-newkey rsa:4096-nodes-sha256-keyout www.darius.com.key-out www.darius.com.csrGenerating a 4096 bit RSA private key.. . + +.. + + writing new prvate key to 'www.danrius.com.key'-You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name ora DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value Lf you enter'.', the field will be left blank.-Country Name (2 letter code) [XX]: CNState or Province Name (full name) []: BeiJingLocality Name (eg, city) [Default City]: BeiJingOrganization Name (eg, company) [Default Company Ltd]: magedu.comOrganizational Unit Name (eg, section) []: mageduCommon Name (eg) Your name or your server's hostname) []: M36Email Address []: Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []: An optional company name []: [root@CentOS7 certs] # Total amount of ll 16kuwkashi-1 root root May 30 19:34 ca.crt-rw-r--r-- 1 root root 3272 May 30 19:34 ca.key-rw-r--r-- 1 root root 1695 May 30 19 38 www.darius.com.csr-rw-r--r-- 1 root root 3272 May 30 19:38 www.darius.com.key Certificate issuance [root@CentOS7 certs] # openssl x509-req-days 3650-in www.darius.com.csr- CA ca.crt-CAkey ca.key-CAcreateserial-out www.darius.com.crtSignature oksubject=/C=CN/ST=BeiJing/L=BeiJing/O=magedu.com/OU=magedu/CN=M36Getting CA Private Key verify the certificate content [root@CentOS7 certs] # openssl x509-in www .darius.com.crt-noout-textCertificate: Data: Version: 1 (0x0) Serial Number: fe:15:2c:1a:9d:a5:df:f5 Signature Algorithm: sha256WithRSAEncryption Issuer: C=CN ST=BeiJing, L=BeiJing, O=magedu.com, OU=magedu, CN=M36 Validity Not Before: May 30 11:42:02 2019 GMT Not After: May 27 11:42:02 2029 GMT Subject: C=CN, ST=BeiJing, L=BeiJing, O=magedu.com, OU=magedu CN=M36 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) modify Nginx configuration file [root@CentOS7 ~] # vim / apps/nginx/conf.d/pc.conf [root@CentOS7 ~] # cat / apps/nginx/conf.d/pc.confserver {listen 80 Listen 443 ssl; ssl_certificate / apps/nginx/certs/www.darius.com.crt; ssl_certificate_key / apps/nginx/certs/www.darius.com.key; ssl_session_cache shared:sslcache:20m; ssl_session_timeout 10m; server_name www.darius.com; error_log logs/www_darius_com_error.log; access_log logs/www_darius_com_access.log; location / {index index.html; root / data/nginx/html/pc }} [root@CentOS7 ~] # / apps/nginx/sbin/nginx-tnginx: the configuration file / apps/nginx/conf/nginx.conf syntax is oknginx: configuration file / apps/nginx/conf/nginx.conf test is successful [root@CentOS7 ~] # / apps/nginx/sbin/nginx-s reload

Access test

About favicon.ico

The favicon.ico file is the icon displayed when the browser favorites the URL. When the client uses the browser to ask the page, the browser will initiate a request to obtain the favicon.ico file of the page, but when the favicon.ico file requested by the browser does not exist, the server will record the 404 log, and the browser will also display the 404 error.

Specific configuration 1: the server does not record access logs: # location = / favicon.ico {# log_not_found off; # access_log off; #} II: save the icon to the specified directory access: # location ~ ^ / favicon\ .ico ${location = / favicon.ico {root / data/nginx/images123;}

Display effect

Modify the Nginx Server version information to modify the Nginx source file. This configuration file needs to add server_tokens off; to the http of nginx.conf to enable nginx version hiding to achieve the desired effect [root@CentOS7 nginx-1.14.2] # vim src/http/ngx_http_header_filter_module.c 49 static u_char ngx_http_server_string [] = "Server: Darius/10.0" CRLF Stop the Nginx service Recompile Nginx [root@CentOS7 nginx-1.14.2] # / apps/nginx/sbin/nginx-s stop [root@CentOS7 nginx-1.14.2] #. / configure-- prefix=/apps/nginx-- user=nginx-- group=nginx-- with-http_ssl_module-- with-http_v2_module-- with-http_realip_module-- with-http_stub_status_module-- with-http_gzip_static_module-- with-pcre-- with-stream-- with -stream_ssl_module-- with-stream_realip_module-- add-module=/root/echo-nginx-module [root@CentOS7 nginx-1.14.2] # make & & make × × tall start service [root@CentOS7 nginx-1.14.2] # / apps/nginx/sbin/nginx detection [root@CentOS7-Test ~] # curl-I www.darius.comHTTP/1.1 200 OKServer: Darius/10.0 modifies src/core/nginx.h files without enabling hiding function To modify version information [root@CentOS7 nginx-1.14.2] # vim src/core/nginx.h 13 # define NGINX_VERSION "10.0" 14 # define NGINX_VER "Darius/" NGINX_VERSION

Nginx Rewrite related functions

The Nginx server uses the ngx_http_rewrite_module module to parse and process rewrite requests, which relies on PCRE (perl compatibler egularexpression), so install the PCRE library before compilation. Rewrite is one of the important functions of the nginx server, which is used to rewrite URL. URL rewriting is a very useful function, for example, after we change the structure of the website, there is no need for the client to modify the original bookmark or other websites to modify our links. It can be set to visit, and the security of the website can be improved to some extent.

If instruction

It is used for condition matching judgment, and different Nginx configurations are selected according to the condition judgment results, which can be configured in server or location blocks. The if syntax of Nginx can only use if to make a single judgment, and multiple judgments such as if else or if elif are not supported.

Location / main {index index.html; default_type text/html; if ($scheme = http) {echo "if-- > $scheme";}} [root@CentOS7 conf.d] # nginx-tnginx: the configuration file / apps/nginx/conf/nginx.conf syntaxis oknginx: configuration file / apps/nginx/conf/nginx.conf test is successful [root@CentOS7 conf.d] # nginx-s reload Detection [root@CentOS7-Test ~] # curl www.darius.com/mainif-- > http

Use regular expressions to match variables. If the match is successful, the if instruction thinks the condition is true, otherwise it is considered false. The following symbolic links are used between variables and expressions.

=: # compare whether the variable and the string are equal, and if so, the if instruction considers the condition to be true, and vice versa. ! =: # compare whether the variable and the string are not equal. If they are not equal, the if instruction thinks that the condition is true, and vice versa. ~: # means case-sensitive characters in the matching process (can be matched by regular expressions). The matching condition is true and the matching condition is false. ~ *: # means that characters are not case-sensitive in the matching process (can be matched through regular expressions). If the matching condition is true, it does not meet the requirement of asking false. ! ~: # case-sensitive mismatch, dissatisfaction is true, contentment is false, dissatisfaction is true. ! ~ *: # is case-insensitive mismatch, false for satisfaction and true for dissatisfaction. -f and!-f: determine whether the requested file exists and does not exist-d and!-d: # determine whether the requested directory exists and does not exist. -x and!-x: # determine whether the file is executable and unexecutable. -e and!-e: # determine whether the requested file or directory exists and does not exist (including files, directories, soft links). Note: if the value of the $variable is an empty string or any string that begins with 0, the if directive considers the condition to be false and the other conditions to be true. Set instruction

Specify key and define a variable. The variable can be assigned to key by calling the Nginx built-in variable. In addition, the set definition format is set $key $value, and both key and value need to add a $symbol.

[root@CentOS7 conf.d] # vim pc.conf location / set {root index.html; default_type text/html; set $name Darius; echo $name; set $my_port $server_port; echo $my_port } [root@CentOS7 conf.d] # nginx-tnginx: the configuration file / apps/nginx/conf/nginx.conf syntaxis oknginx: configuration file / apps/nginx/conf/nginx.conf test is successful [root@CentOS7 conf.d] # nginx-s reload Detection [root@CentOS7-Test ~] # curl www.darius.com/setDarius80break instruction

It is used to interrupt other Nginx configurations in the current same scope (location). If the Nginx configuration is in the same scope as the instruction, the configuration in front of it takes effect, and the instruction configuration behind it no longer takes effect. When the Nginx server encounters the instruction in the process of processing the request according to the configuration, it goes back to the upper scope and continues to read the configuration downwards. This instruction can be used in server block, location block and if block. The usage syntax is as follows:

[root@CentOS7 conf.d] # vim pc.conf location / set {root index.html; default_type text/html; set $name Darius; echo $name; break; set $my_port $server_port; echo $my_port;} [root@CentOS7 conf.d] # nginx-s reload detect [root@CentOS7-Test ~] # curl www.darius.com/setDariusreturn instruction

Supported from nginx version 0.8.2, return is used to complete the processing of the request and return the response status code directly to the client, for example, it can specify the redirect URL (for special redirection status code, 301amp 302, etc.) or specify the prompt text content (for special status code 403amp 500, etc.). All configurations after this directive will not be executed, and return can be configured in server, if and location blocks.

Location / main {index index.html; default_type text/html; if ($scheme = http) {return 666 "not allow http"; # can be the HTTP status code specified by the client, the status code and response body content returned to the client (variables can be called), or the client URL address echo "if- > $scheme" The one after # return will no longer execute} [root@CentOS7-Test ~] # curl www.darius.com/mainnot allow http [root@CentOS7-Test ~] # curl-I www.darius.com/mainHTTP/1.1 666Server: Darius/10.0Date: Sat, 01 Jun 2019 03:52:37 GMTContent-Type: text/htmlContent-Length: 14Connection: keep-alive

Rewrite_log instruction

Set whether to enable logging ngx_http_rewrite_module module to log in error_log log files, which can be configured in http, server, location or if. The log level needs to be notice.

[root@CentOS7 conf.d] # vim. / conf/nginx.conferror_log logs/error.log notice; # enable error log notice level [root@CentOS7 conf.d] # vim pc.conf # enable rewrite_log directive location / set {root index.html; default_type text/html; set $name Darius; echo $name; rewrite_log on; break; set $my_port $server_port; echo $my_port } [root@CentOS7 conf.d] # nginx-tnginx: the configuration file / apps/nginx/conf/nginx.conf syntax is oknginx: configuration file / apps/nginx/conf/nginx.conf test is successful [root@CentOS7 conf.d] # nginx-s reload visit and verify [root@CentOS7 conf.d] # tail-f / apps/nginx/logs/*.log== > / apps/nginx/logs/error.log / apps/nginx/logs/www_darius_com_access.log set name dariusOK192.168. 36.104CentOS7 6379 > get name "darius" 192.168.36.104 CentOS7 6379 > installation of load balancer instance server based on Mariab [root @ root-1 ~] # yum install-y mariadb mariadb-server [root@CentOS7-1 ~] # systemctl start mariadb # start mariadb database service [root@CentOS7-1 ~] # systemctl enable mariadb # boot self-startup database service [root@CentOS7-1 ~] # ss-ntl | grep 3306 # check Whether the port starts LISTEN 050 *: 3306 *: * Created symlink from / etc/systemd/system/multi-user.target.wants/mariadb.service to / usr/lib/systemd/system/mariadb.service. [root@CentOS7-1 ~] # mysql_secure_installation # secure the database and authorize the database to operate MariaDB [(none)] > GRANT ALL PRIVILEGES ON *. * TO 'root'@'192.168.36.%' IDENTIFIED BY' centos' Query OK, 0 rows affected (0.00 sec) MariaDB [(none)] > FLUSH PRIVILEGES;Query OK, 0 rows affected (0.00 sec)

Nginx configuration

[root@CentOS7 tcp] # vim tcp.confstream {upstream mysql_server {least_conn; server 192.168.36.110 max_fails=3 fail_timeout=30s;} server {listen 192.168.36.104 upstream mysql_server 3306; proxy_connect_timeout 3s; proxy_timeout 3s; proxy_pass mysql_server }} [root@CentOS7 tcp] # nginx-tnginx: the configuration file / apps/nginx/conf/nginx.conf syntax is oknginx: configuration file / apps/nginx/conf/nginx.conf test is successful [root@CentOS7 tcp] # nginx-s reload checks the load port [root@CentOS7 tcp] # ss-ntl | grep 3306LISTEN 0 128 192.168.36.104 Fran 3306 *: *

# Test connecting to Mysql through nginx load

[root@CentOS7-1] # mysql-uroot-pcentos-h 192.168.36.104Welcome to the MariaDB monitor. Commands end with; or\ g.Your MariaDB connection id is 16Server version: 5.5.60-MariaDB MariaDB ServerCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Type 'help;' or'\ h' for help. Type'\ c'to clear the current input statement.MariaDB [(none)] > CREATE DATABASE Darius;Query OK, 1 row affected (0.00 sec) MariaDB [(none)] > SHOW DATABASES +-+ | Database | +-+ | information_schema | | Darius | | mysql | | performance_schema | | test | +-+ 5 rows in set (0.00 sec) MariaDB [(none)] >

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.