Shulou(Shulou.com)06/02 Report--

A brief introduction to Nginx

Summary: Nginx is an open source high-performance HTTP server and reverse proxy server developed by Russia, while supporting IMAP/POP3/SMTP proxy service, its performance advantage is significant, according to the official website: a single nginx server can handle 50000 concurrency

Features: high performance, stability, low consumption of hardware resources, ability to handle large concurrency, mainly used for static parsing, separation of dynamic and static pages

Advantages:

1. As a Web server, nginx is very efficient in handling static files, index files, and automatic indexing.

two。 As a proxy server, Nginx can achieve cacheless reverse proxy acceleration and improve the running speed of the website.

3. As a load balancer server, Nginx can not only directly support Rails and PHP internally, but also support HTTP proxy server for external service. At the same time, it supports simple fault tolerance and load balancing using algorithms.

two。 Install the nginx program

(1) install support software

The configuration and operation of Nginx need the support of pcre, zlib and other software packages.

Yum install gcc gcc-c++ pcre-devel zlib-devel

(2) create and run user groups

The Nginx service program runs as nobody by default. It is recommended to create a special user account for more accurate controller access, flexibility, security and risk reduction.

Useradd-M-s / sbin/nologin nginx

(3) compile and install Nginx

Root@localhost opt] # cd nginx-1.12.0/ [root@localhost nginx-1.12.0] #. / configure\-- prefix=/usr/local/nginx\ # installation directory-- user=nginx\ # run user is Nginx-- group=nginx\ # run group is Nginx-- with-http_stub_status_module # module to support status statistics Easy to view server information and connect to [root@localhost nginx-1.12.0] # make & & make install

(4) optimize the path.

In order to facilitate management, you can create a link file for the main program ngin, and it is convenient to directly call the nginx main program with the nginx command.

Ln-s / usr/local/nginx/sbin/nginx / usr/sbin/

(5) check the configuration

[root@localhost ~] # nginx-tnginx: the configuration file / usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file / usr/local/nginx/conf/nginx.conf test is successful

(6) start and stop Nginx

[root@localhost ~] # nginx start [root@localhost ~] # killall-s HUP nginx # overload configuration [root@localhost ~] # killall-s QUIT nginx # stop service

(6) use Nginx service scripts

In order to use Nginx services to start, stop, reload and other operations more convenient, and use chkconfig and service tools to manage.

[root@localhost ~] # vim / etc/init.d/nginx #! / bin/bash#chkconfig:-99 20 description: Nginx Service Control ScriptPROG= "/ usr/local/nginx/sbin/nginx" PIDF= "/ usr/local/nginx/logs/nginx.pid" case "$1" instart) $PROG;;stop) kill-s QUIT $(cat $PIDF);; reload) $0 stop $0 start;;restart) kill-s HUP $(cat $PIDF) *) echo "Usage:$0 {start | stop | restart | reload}";; esacexit 0 [root@localhost ~] # chmod + x / etc/init.d/nginx [root@localhost ~] # chkconfig-add nginx III. Profile nginx.conf

1. Global configuration

# user nobody; # run user worker_processes 1; # number of worker processes # error_log logs/error.log; # error log # error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid; # location of PID file

2.I/O event configuration

Use the "event {}" delimiting table token to specify the Imax O response model of Nginx's process and the number of connections per process setting.

Events {worker_connections 1024; # 4096 connections per process}

3.HTTP configuration

Using "http {}" to define tags includes a series of settings such as access log, HTTP port, page directory, default character set, connection retention, and virtual Web host, PHP parsing, and so on. Most of these configuration statements are contained in the delimiter "server {}"

Http {include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 610 # keep connection timeout # access_log logs/access.log main; # gzip on; server {# Web Service snooping configuration listen 192.168.242.220 Web 80 # snooping address port server_name 192.168.242.220 # website name default character set for charset utf-8;# pages access_log logs/www.kgc.com.host.access.log;# access log location location / {# Root directory configuration root / var/www/html/kgc; # location of website and directory index index.html index.htm # default web page (index page)} error_page 500 502 503 504 / 50x.hml; # feedback page with internal errors location = / 50x.html {# error page configuration root html;}}

3. Access status statistics

Nginx has a built-in HTTP_STUB_STATUS status statistics module, which is used to feedback the current Web access. When configuring the number of compilers, how to add-- with-http_stub_status_mdule to enable this module support

To use the state statistics feature of nginx, you need to modify the nginx.conf configuration file in addition to enabling the built-in module. Specify the access location and add stub_statuslocation / {stub_status on;# Open status Statistics function access_log off;# turn off logging root / var/www/html/kgc; index index.html index.htm;} Nginx access control for this location

Authorization-based access control steps

1. Use htpasswd to generate user authentication files, and if you do not have this command, you can install the httpd-tools package using yun

[root@localhost ~] # htpasswd / usr/local/nginx/passwd.db jiji # generates a passwd.db file in the / usr/local/nginx directory with the user name jiji and the password entered twice. Generate ciphertext of users and passwords in passwd.db

two。 The permission to modify the password file is 400, and the owner is changed to nginx

[root@localhost] # chmod 400 / usr/local/nginx/passwd.db [root@localhost ~] # chown nginx/ usr/local/nginx/passwd.db

3. Modify the main configuration file nginx.conf to add the corresponding authentication configuration item

Location / {stub_status on;# turns on status statistics access_log off;# closes logging in this location root / var/www/html/kgc; index index.html index.htm; auth_basic "secret"; # add authentication configuration auth_basci_user_file / usr/loacl/nginx/passwd.db}

Client-based access control

1.deny IP / IP segment: a client that rejects an IP or IP segment

2.allow IP/IP segment: a client that allows an IP or IP segment

3. The rules are executed from top to bottom, and if they match, they stop, and no longer match down.

Location / {stub_status on; access_log off; root / var/www/html/kgc; index index.html index.htm; deny 192.169.10.10; # client IP allow all;} Nginx virtual host

Each virtual Web site has an independent server {} configuration port, and its listening ip address port number can be specified separately, and the network name is different.

1. Virtual Host based on IP

two。 Virtual host based on domain name

3. Port-based virtual host

Set the site listen 80 corresponding to server {# join www.kgc.com based on the domain name virtual host; server_name www.kgc.com; # listening address charset utf-8; access_log logs/www.kgc.com.host.access.log; location / {root / var/www/html/kgc # www.kgc.com working directory index index.html index.htm;} error_page 500502 503504 / 50x.hml; location = / 50x.html {root html;}} server {# join www.accp.com corresponding site listen 80; server_name www.accp.com;# listening address charset utf-8 Access_log logs/www.accp.com.host.access.log; location / {root / var/www/html/accp; # working directory index index.html index.htm;} error_page 500502 503504 / 50x.htl; location = / 50x.html {root html }} based on the ip address server {listen 192.168.242.220 server_name; # listening on 192.168.242.220 server_name 192.168.242.220 server_name; charset utf-8; access_log logs/www.kgc.com.host.access.log; location / {root / var/www/html/kgc; index index.html index.htm } error_page 500 502 503 504 / 50x.htl; location = / 50x.html {root html;}} server {listen 192.168.242.167server 80; server_name 192.168.242.167Vist80; # listening 192.168.242.167 charset utf-8; access_log logs/www.accp.com.host.access.log Location / {root / var/www/html/accp; index index.html index.htm;} error_page 500 502 503 504 / 50x.html; location = / 50x.html {root html;}}

Port based

Server {listen 192.168.242.220 server 80; server_name 192.168.242.220 charset utf-8; access_log logs/www.kgc.com.host.access.log; location / {root / var/www/html/kgc; index index.html index.htm;} error_page 500 502 503 504 / 50x.html Location = / 50x.html {root html;}} server {listen 192.168.242.220 listen 8080; server_name 192.168.242.220 server 8080; charset utf-8; access_log logs/www.accp.com.host.access.log; location / {root / var/www/html/accp Index index.html index.htm;} error_page 500 502 503 504 / 50x.htl; location = / 50x.html {root html;}}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.