Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of "the method of installation and configuration of Nginx server". The editor shows you the operation process through the actual case. The operation method is simple, fast and practical. I hope this article "method of installation and configuration of Nginx server" can help you solve the problem.

Installation

Under ubuntu

Sudo apt-get install nginx

Start

Sudo / etc/init.d/nginx start # starts through the startup file under init.d. Sudo service nginx start# is started through ubuntu's service manager

Profile location

/ etc/nginx/nginx.conf

Compilation and installation

1. precondition

(1) gcc

Apt-get install gcc

(2) .pcre (perl compatible regular expression)

Apt-get install libpcre3 libpcre3-dev

(3) zlib

Apt-get install zliblg zliblg-dev

(4) openssl

If apt-get install openssl opensll-dev# is not apt, you can use the download package to compile and install manually.

two。 Download the package

Www.nginx.net download stable version

Wget http://nginx.org/download/nginx-1.4.4.tar.gz

3. Decompression and installation

Tar-xzvf nginx-1.4.4.tar.gz# default, installation directory / usr/local/nginx./configuremakemake install# configuration. / configure-- conf-path=/etc/nginx/nginx.conf

You can configure some other options

Check the configuration summary in the following directory after installation

4.init script

You need to create an init script for nginx

Get one from the Internet and put it in / etc/init.d/nginx

Recommended compilation configuration

1. Using different prefix makes it easy to specify different versions and upgrade.

. / configure-- prefix=/usr/local/nginx-1.4.4

Basic operation

View help

/ usr/local/nginx/sbin/nginx-h

Stop the process immediately (term signal)

/ usr/local/nginx/sbin/nginx-s stop

Gently stop the process (quit signal)

/ usr/local/nginx/sbin/nginx-s quit

Reload

/ etc/init.d/nginx reload # Native with init script / usr/local/nginx/sbin/nginx-s reload #

Check if the configuration file is correct

/ usr/local/nginx/sbin/nginx-t # / usr/local/nginx/sbin/nginx-t-c / home/ken/tmp/test.conf # under the production path can test a temporary file

Basic configuration of http

Configuration description

Comments, #

Each instruction always ends with a good score.

Configuration inheritance: if other sections are nested in one block, the nested section inherits the settings of its parent section

String, can be without quotation marks, but if there are special characters (spaces, semicolons, curly braces) need to be enclosed in quotation marks

Unit: size (k ram k m) time value (ms/s/m/h/d/w/m/y default s)

The module provides a variety of variable values that can be read and assigned (each module provides a list of variables to check on its own)

Configuration file directory structure

/ usr/local/nginx/conf/

-mime.types an extended list of files associated with the mime type

-fastcgi.conf configuration files related to fastcgi

-proxy.conf configuration files related to proxy

-basic configuration file for nginx.conf application

-sites/

| |-a.conf # allows you to create a profile for each individual website |

| |-b.conf |

| |-dir/ |

| |-c.conf |

Need to use the include command in nginx.conf

Include sites/*.conf;include sites/*/*.conf

Configuration file structure

Http {# is embedded in the root of the configuration file. Multiple server server can be configured in a http {# declare the hostname listen 80 that a site server_name www.website.com; # listens to; # the ip address and port number used by the listening socket error_page 404 / not_found.html; error_page 500501 502 503 504 / server_error.html; index index.html; root / var/www/website/com/html # define the root directory of the document # location, and match the uri requested by the client through the established model. Specific location of location / {# website} location / admin/ {# specific location of website # alias / var/www/locked/ # can only be placed in the location section, providing an alias} # operator for the specified path, matching has nothing to do with the definition order location = / abcd {# exact match, cannot be used regular} location / abc/ {# url must start with the specified pattern, cannot use regular} location ^ ~ / abcd$ {# Wu Peugeot behavior, uri positioning must start with the specified pattern, if matching Stop searching for other patterns} location ~ ^ / abcd$ {# regular match, case-sensitive} location ~ * ^ / abcd$ {# regular match, case-insensitive} location @ test {# define location section name, client cannot access, internally generated requests can, for example, try_files or error_page}}

Module

Modularization

The real charm of nginx lies in its modules. The whole application is built on a modular system, and each module can be enabled or disabled at compile time.

Index module

Define which index page to go back to

Index index.php index.html / data/website/index.html

# you can specify more than one, but ngxin provides the first file found

Log module

Access_log / file/path

Error_log / file/path error; # level: debug/info/notice/warn/error/crit

Log format

Log_format main'$remote_addr-$remote_user [$time_local] "$request"'

'$status $body_bytes_sent "$http_referer"'

'"$http_user_agent" $http_x_forwarded_for'

Access_log / var/log/test.log main

Real ip module

The default compiled nginx does not include this module

When a user's request is forwarded through nginx, the application receiving the request needs to get the user's real ip (the server's ip is forwarded)

Real_ip_header x-forwarded-for

Access module

You can disable the ip segment

Grammar

# if there is a conflict between rules, the rule that matches first will be used as quasi-deny ip;deny subnet;allow ip;allow subnet;# block all ipsdeny all;# allow all ipsallow all

Configure a blockips.conf and then include in nginx.conf

E.g

Location {allow 127.0.0.1; # allow local ip to pay attention to the order, allow should be put in front of deny all; # prohibit other ip}

Rewrite module

Function: perform url redirection, allowing you to remove malicious url, including multiple parameters (modification)

Use regular matching, grouping and citation to achieve the goal

Break/return/set et al.

If (- f $uri) {break} if ($uri ~ ^ / admin/) {return 403;} if ($uri ~ ^ / search/ (. *) $) {set $query $1; rewrite ^ / search.php?q=$query?;}

Examples

A: http://website.com/search/some-search-keywordsb:http://website.com/search.php?q=some-search-keywordsrewrite ^ / search/ (. *) $/ search.php?q=$1?;a: http://website.com/user/31/jamesb:http://website.com/user.php?id=31&name=jamesrewrite ^ / user/ ([0-9] +) / (. +) $/ user.php?id=$1&name=$2? A: http://website.com/index.php/param1/param2/param3b:http://website.com/index.php/?p1=param1&p2=param2&p3=param3rewrite ^ / index.php/ (. *) $/ index.php?p1=$1&p2=$2&p3=$3?

Rewrite syntax

Rewrite a b option

Options:

Last: indicates completion of rewrite

Break: after the matching of this rule is completed, the matching is terminated and the following rules are no longer matched.

Redirect: returns 302 temporary redirection. The address bar will display the address after the jump.

Permanent: returns 301 permanent redirection, and the address bar will display the address after the jump.

Proxy module

The default module allows you to transfer http requests from the client to the back-end server

Location / {proxy_pass_header server; # this directive forces some ignored headers to be passed to the client proxy_redirect off; # allows you to overwrite the url that appears in the http header but is triggered by the back-end server, proxy_set_header host $http_host; # allows you to redefine the proxy header value and then go to the back-end server. The target server can see the original hostname of the client proxy_set_header x-real-ip $remote_addr; # the target server can see the real ip of the client instead of forwarding the server's ip proxy_set_header x-scheme $scheme; proxy_pass http://localhost:8080;}

Upstream module

Upstream up_name {server 192.168.0.1 server 9000 weight=5; # weight server 192.168.0.2 server 9000 weight=5 max_fails=5 fail_timeout=60s; # in 60s, its error communication exceeded 5 times, it was considered that the service failed server 192.168.0.39000 down; # service was marked offline, no longer using server 192.168.0.49000 backup; # backup server, other downtime only enabled}

Other

Configure static directory

Location / static/ {root / var/www/app/; autoindex off;}

Load balancing

Http {include mime.types; default_type application/octet-stream; keepalive_timeout 120; tcp_nodelay on; upstream up_localhost {server 127.0.0.1 proxy_set_header host 8000 weight=5; server 127.0.0.1 http://up_localhost; 8001 weight=10;} server {listen 80; server_name localhost; location / {proxy_pass for proxy_set_header host $host; proxy_set_header x-real_ip $remote_addr Proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;}

Control page caching

Location ~\. (htm | html | gif | jpg | jpeg | png | bmp | ico | css | js | txt) ${root / opt/webapp; expires 24h;} expires 1 january, 1970, 00:00:01 gmt;expires 60s exchangres 30m

Built-in variables for nginx

The variable $arg_parameter contains the value of the get request parameter when querying the string.

The variable $args is equal to the parameter in the request line.

Client address in the form of $binary_remote_addr binary code.

$body_bytes_sent

The content-length field in the header of the $content_length request.

The content-type field in the header of the $content_type request.

The value of $cookie_cookie cookie cookie.

$document_root currently requests the value specified in the root directive.

$document_uri is the same as $uri.

The host header field in the $host request that, if the host header in the request is not available, is the name of the server on which the request is processed.

$is_args if $args is set, the value is "?", otherwise it is "".

The variable $limit_rate limits the connection rate.

The number of the nginx version that nginx_version is currently running.

$query_string is the same as $args.

Ip address of the $remote_addr client.

Port of the $remote_port client.

$remote_user user name that has been authenticated by auth basic module.

The file path of the current connection request for $request_filename, generated by the root or alias directive and the uri request.

The variable $request_body (0.7.58 +) contains the main information of the request. It makes sense in location that uses proxy_pass or fastcgi_pass instructions.

The temporary file name of the principal information requested by the request_body_file client.

$request_completion request completed

The variable $request_method is the action requested by the client, usually get or post. In versions 0.8.20 and earlier, this variable is always an action in main request, and if the current request is a subrequest, the currently requested action is not used.

The variable $request_uri is equal to the original uri that contains some client request parameters. It cannot be modified. Please see $uri to change or rewrite the uri.

The $schemehttp method (such as http,https). Use on demand, for example:

Rewrite ^ (. +) $$scheme://example.com$1 redirect

The server_addr server address, which can be determined after completing a system call. If you want to bypass the system call, you must specify the address in listen and use the bind parameter.

$server_name server name.

The port number where the $server_port request arrives at the server.

The protocol used by the $server_protocol request, usually http/1.0 or http/1.1.

The current uri in the $uri request (without the request parameter, which is located at $args), can be different from the value of $request_uri passed by the browser, which can be redirected internally or modified using the index directive.

Use a stand-alone directory, and then include configure

Catalogue

Nginx.confsite/ a.conf b.confnginx.confhttp {. Include / etc/nginx/conf.d/*.conf; include sites/*.conf;}

Gzip on

Add it to the http module, turn on gzip, and note that gzip_types is configured as a compressed resource type

Nginx.conf

Http {. Gzip on; gzip_min_length 1k; gzip_comp_level 5; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css application/javascript text/javascript application/x-javascript text/xml application/xml application/xml+rss application/json image/x-icon image/png image/jpg image/jpeg application/font-woff; gzip_vary on;} for multi processersnginx.confworker_processes 4 leading events {worker_connections 2048; use epoll; multi_accept on;} worker_rlimit_nofile 100000 Static file cache location ~ *. (?: css | js) ${expires 12h; access_log off; add_header cache-control "public"; proxy_pass http://127.0.0.1:5000; proxy_redirect off;} proxy pass location / {proxy_pass http://127.0.0.1:8000; proxy_pass_header server; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for Proxy_set_header x-real-ip $remote_addr; proxy_set_header x-scheme $scheme; proxy_set_header host $http_host; proxy_redirect off;}

You can set the timeout

Proxy_connect_timeout 500s; proxy_read_timeout 500s; proxy_send_timeout 500s; static directory or file location / movies/ {alias / volumes/media/movies/; allow all;} location = / abc.txt {alias / data/www/static/abc.txt; expires 30d; access_log off;}

Static station

Server {listen 192.168.1.1 access_log logs/blog_access.log; error_log logs/blog_error.log; root 80; server_name www.abc.com; client_max_body_size 1m; access_log logs/blog_access.log; error_log logs/blog_error.log; root / data/static_site_dir; index index.html;}

Return

Direct return

Grammar

Return http_code;return http_code "content"

E.g.

Location / api/test/ {return 403;} location / stat/ {return 204;} location / ping/ {return 200;}

For mobile

The mobile end and the website jump to each other

Location = / {try_files $uri @ mobile_rewrite;} location ~ ^ / (login | register | search | album | 404 | album/\ d+ | item/\ d+ | topic) ${try_files $uri @ mobile_rewrite;} location @ mobile_rewrite {if ($http_user_agent ~ * "(android | bb\ d+ | meego). + mobile | avantgo | bada\ / | blazer | compal | elaine | fennec hiptop | iemobile | ip (hone | od) | iris | iris | kindle | lge | lge (maemo) | lge | lge (lge) | / | ip | kindle (4 | 6) | | ip | hone. (com) (4 / 6) | | idem. | } if ($http_user_agent ~ * "^ (1207 | 6310 | 6590 | 3gso | 4thp | 50 [1-6] I | 770s | 802s | a wa | abac | ac (er | oo | s\ -) | ai (ko | rn) | al (av | ca | co) | amoi | an (ex | ny | yw) | aptu | ar (ch | go) | as (te | us) | attw | au (di |\-m | r | s) | avan | be (ck | ll | nq) | nq (nq) | nq (nq) | bi (nq) | bi (bi) | lb | lb\-(n | u) | C55\ /) | lb | lb\-/ lb | lb | lb\-rd | lb | be\-Czov | PUBG | | | er (ic | K0) | esl8 | ez ([4-7] 0 | os | wa | ze) | fetc | fly (\-| _) | G1 u | G560 | gene | g\-mo | go (\ .w | od) | gr (ad | un) | haie | hcit | hd\-(m | t) | hei\-| hi (pt | ta) | hp (I | ip) | hs\-c | ht (c (\-| | _ | a | g | p | s | t) | tp) | hu (aw tc) | I\-(20 | go | ma) | i230 | iac (\-20 | go | ma) | i230 | iac (\-20 | go | ma) | ibro | idea | idea (v) | ig01 | (\) | (\ /) | hp (I | ip) | | k | (aw / tc) | (2 / 20 | go | ma) | i230 | iac (\-20 | go | ma) | ibro | ibro | idea | ibro | idea (v) | ig01 | (v | idea) | | libw | lynx | M1\-w | m3ga | M50\ / | ma (te | ui | xo) | mc (01 | 21 | ca) | m\-cr | me (rc | ri) | mi (o8 | oa | ts) | mmef | mo (01 | 02 | bi | de | do | t (\-| o | v) | zz) | mt (50 | p1 | v) | mwbp | mywa | N10 [0-2] | N20 [2-3] | N30 (0 | 2) | N50 (0 | 2 | 5) | N7 (0 (0 | 1) | 10) | ne (c | m)\-| on tf | wf | wg wt) | nok (6 | I) | nzph o2im | op (ti) | ti (ti) | ti | ti (ti a d | t) | wv (13 | 13 (0 | 1) | c | 8 | pan | 2 | | owg1) | Ck | rt | se) | prox | psio | pt\-g | qa\-a | qc (07 | 12 | 21 | 32 |\-[2-7] | I\ -) | qtek | R380 | raks | raks | ro (ve | zo) | S55\ / | sa (ge | ma | mm | ms | ny | va) | sc (01 | h\-| oo | p\ -) | sdk\ / | se (c (\-| 0 | 1) | 47 | mc | nd ri) | sgh\-| shar sie (\-m) | sk\ 0 | sl (45 | id) | sm (al | al b3 | ar | t5) ar | (ar | ar) (al 01 | h\ | v\-| v) | it 01 | it T2 (18) | 50 | 50) | T6 (10) | 18 | so (n) | it |\-I | sl |\ t) | -mo | to (pl | sh) | ts (70 | m\-| m3 | M5) | tx\-9 | up (\ .b | G1 | si) | utst | v400 | v750 | veri | vi (rg | te) | vk (40 | 5 [0-3] |\-v) | vm40 | voda | vx (52 | 53 | 60 | 61 | 80 | 81 | 83 | 85 | 98) | W3C (\-|) | webc | whit | wi (g | nc | nw) | wmlb | wonu | X700 | yas\-| your | zeto | zte\-") {set $mobile_rewrite perform } if ($arg_mobile = 'no') {set $mobile_rewrite do_not_perform;} if ($arg_mobile =' yes') {set $mobile_rewrite perform;} if ($mobile_rewrite = perform) {rewrite ^ http://$server_name/m$request_uri permanent; break;} proxy_pass http://127.0.0.1:5000; Proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header x-real-ip $remote_addr; proxy_set_header host $http_host; proxy_redirect off;} location / m / {set $pc_rewrite 1 If ($http_user_agent ~ * "(android | bb\ d+ | meego). + mobile | avantgo | bada\ / | blackberry | blazer | compal | fennec | hiptop | iemobile | ip (hone | od) | iris | kindle | lge | maemo | midp | mmp | netfront | opera m (ob | in) I | palm (os)? | phone | p (ixi | re)\ / | plucker | pocket | psp | psp (4 | 6) | psp | series | series\. (symbian | symbian) | | (treo) | |") {symbian $0 } if ($http_user_agent ~ * "^ (1207 | 6310 | 6590 | 3gso | 4thp | 50 [1-6] I | 770s | 802s | a wa | abac | ac (er | oo | s\ -) | ai (ko | rn) | al (av | ca | co) | amoi | an (ex | ny | yw) | aptu | ar (ch | go) | as (te | us) | attw | au (di |\-m | r | s) | avan | be (ck | ll | nq) | nq (nq) | nq (nq) | bi (nq) | bi (bi) | lb | lb\-(n | u) | C55\ /) | lb | lb\-/ lb | lb | lb\-rd | lb | be\-Czov | PUBG | | | er (ic | K0) | esl8 | ez ([4-7] 0 | os | wa | ze) | fetc | fly (\-| _) | G1 u | G560 | gene | g\-mo | go (\ .w | od) | gr (ad | un) | haie | hcit | hd\-(m | t) | hei\-| hi (pt | ta) | hp (I | ip) | hs\-c | ht (c (\-| | _ | a | g | p | s | t) | tp) | hu (aw tc) | I\-(20 | go | ma) | i230 | iac (\-20 | go | ma) | i230 | iac (\-20 | go | ma) | ibro | idea | idea (v) | ig01 | (\) | (\ /) | hp (I | ip) | | k | (aw / tc) | (2 / 20 | go | ma) | i230 | iac (\-20 | go | ma) | ibro | ibro | idea | ibro | idea (v) | ig01 | (v | idea) | | libw | lynx | M1\-w | m3ga | M50\ / | ma (te | ui | xo) | mc (01 | 21 | ca) | m\-cr | me (rc | ri) | mi (o8 | oa | ts) | mmef | mo (01 | 02 | bi | de | do | t (\-| o | v) | zz) | mt (50 | p1 | v) | mwbp | mywa | N10 [0-2] | N20 [2-3] | N30 (0 | 2) | N50 (0 | 2 | 5) | N7 (0 (0 | 1) | 10) | ne (c | m)\-| on tf | wf | wg wt) | nok (6 | I) | nzph o2im | op (ti) | ti (ti) | ti | ti (ti a d | t) | wv (13 | 13 (0 | 1) | c | 8 | pan | 2 | | owg1) | Ck | rt | se) | prox | psio | pt\-g | qa\-a | qc (07 | 12 | 21 | 32 |\-[2-7] | I\ -) | qtek | R380 | raks | raks | ro (ve | zo) | S55\ / | sa (ge | ma | mm | ms | ny | va) | sc (01 | h\-| oo | p\ -) | sdk\ / | se (c (\-| 0 | 1) | 47 | mc | nd ri) | sgh\-| shar sie (\-m) | sk\ 0 | sl (45 | id) | sm (al | al b3 | ar | t5) ar | (ar | ar) (al 01 | h\ | v\-| v) | it 01 | it T2 (18) | 50 | 50) | T6 (10) | 18 | so (n) | it |\-I | sl |\ t) | -mo | to (pl | sh) | ts (70 | m\-| m3 | M5) | tx\-9 | up (\ .b | G1 | si) | utst | v400 | v750 | veri | vi (rg | te) | vk (40 | 5 [0-3] |\-v) | vm40 | voda | vx (52 | 53 | 60 | 61 | 80 | 81 | 83 | 85 | 98) | W3C (\-|) | webc | whit | wi (g | nc | nw) | wmlb | wonu | X700 | yas\-| your | zeto | zte\-") {set $pc_rewrite 0 } if ($pc_rewrite = 1) {rewrite ^ / m / (. *) $http://$server_name/$1 permanent;} proxy_pass http://127.0.0.1:5000; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header x-real-ip $remote_addr; proxy_set_header host $http_host; proxy_redirect off;} redirect to wwwserver {server_name abc.com Rewrite ^ (. *) http://www.abc.com$1 permanent;} allow and deny

Access ip control

Location / test/ {allow 192.168.1.1; deny all;}

Load balancing

Nginx.conf

Http {upstream a {server 192.168.1.1 server 5000; server 192.168.1.2 VR 5000;}}

Sites/a.conf

Server {location / {proxy_pass a;}}

Other

Centos service cmds

Check the correctness of the configuration file

Service nginx configtest

Reload configuration

This is the end of service nginx reload's introduction to "how to install and configure Nginx server". Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.