nginx is a high-performance and lightweight web service software that provides static page services, that is, files in plain text format, usually files with the suffix .html or .htm.
Features:
-
Average stability (lots of bugs, so updates and iterations are fast)
-
Open source (free), can be repackaged (secondary development)
-
The consumption of system resources is very low, and it can handle the http protocol (a single physical server can support 30,000-50,000 concurrent requests, and the number is generally set to 20,000 during work, in order to maintain the stability of the server)
Functions of nginx:
- To process static pages, you can directly provide file services for static pages. HTML, pictures, and animations are also available. Ability to efficiently process and respond to requests for static pages
- Reverse proxy to achieve load balancing and high availability through reverse proxy
- To handle dynamic requests (not a strong point), nginx forwards the dynamic requests to the back-end server, which is processed by a server that specializes in handling dynamic requests. Then, after the dynamic requests are processed, nginx still responds to the client.
- Supports encrypted http protocol (https)
- Support virtual host
- Support URL redirection (page jump)
- nginx has its own caching mechanism, which can cache the content of static pages and reduce the pressure on the back-end server.
- nginx comes with log records, access records (which hosts have accessed the local nginx service), and error logs (records of access failures; errors in configuration files; records of nginx startup failures)
- Can support module expansion, can load different modules and custom configurations
- Low memory consumption
- Support hot deployment, you can update configuration files and upgrade versions without downtime
The main application scenarios of nginx at work:
- Static page service
- Forward dynamic requests
- Reverse proxy, load balancing
- Caching service
- Connection persistence and session persistence
nginx installation
- Install dependent environment:
yum -y install gcc pcre-devel openssl-devel zlib-devel openssl openssl-devel
- Create a user:
useradd -M -s /sbin/nologin nginx
-M do not create a home directory
-s specifies shell - Unzip:
tar -xf nginx-1.22.0.tar.gz
- Enter the software package directory for installation configuration:
#Specify the installation location ./configure --prefix=/usr/local/nginx \ #Specify username --user=nginx \ #Specify the group --group=nginx \ #Support https protocol --with-http_ssl_module \ #Support http2.0 protocol --with-http_v2_module \ #Support obtaining real IP from the client --with-http_realip_module \ #Support methods for accessing nginx status information --with-http_stub_status_module \ #Support the function of compressing pages --with-http_gzip_static_module \ #Support pcre library --with-pcre \ #Support stream module and can support four-layer proxy --with-stream \ #Layer 4 proxy that supports encrypted transmission --with-stream_ssl_module \ #Allow nginx to obtain the client's real IP address from the header of the proxy (proxy protocol) --with-stream_realip_module
- Compile and install:
make & amp; & amp; make install
- Enter the /usr/local/ directory and change the user and group of the nginx/ directory under it to nginx:
cd /usr/local chown -R nginx:nginx nginx/
Explain the files in the /usr/local/nginx/ directory:
conf: nginx configuration file directory, nginx.conf is the main configuration file
html: Saves the web file of nginx, which is the working directory
logs: log file directory
sbin: nginx binary startup script file - Set a soft link for nginx to facilitate the use of commands:
ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
- Add startup service for nginx:
vim /lib/systemd/system/nginx.service
Add the following content to the file:
[Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ After=network-online.target remote-fs.target nss-lookup.target Wants=network-online.target [Service] Type=forking PIDFile=/usr/local/nginx/run/nginx.pid #Pay attention to the file location. If it is wrong, it will not start. ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf #Note the startup file location ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s TERM $MAINPID [Install] WantedBy=multi-user.target
- Create a directory for the run file:
mkdir /usr/local/nginx/run
- Modify the nginx configuration file:
vim /usr/local/nginx/conf/nginx.conf
Only change one pid position for the time being:
- Start the service:
systemctl daemon-reload systemctl restart nginx
- Write something in the page file:
vim /usr/local/nginx/html/index.html
All previous content can be deleted:
-
Enter the virtual machine IP address in the browser to see the written content. If it is not displayed, remember to turn off the firewall:
systemctl stop firewalld setenforce 0
Usage of nginx command:
- nginx -t checks whether the configuration file syntax and configuration items are correct
- nginx -v show version
- nginx -V displays the version and configuration items
Detailed explanation of nginx.conf configuration:
Take a look at it, it will be used frequently later.
#Running user, if not specified during compilation, the default is nobody #user nobody; #The number of working processes is generally twice the number of CPU cores. If the number of accesses is not large, 1 is enough. worker_processes 2; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #Specify the location of the nginx pid file pid /usr/local/nginx/run/nginx.pid; #The above is a global configuration and takes effect for all users. events { #The number of concurrent connections each process can support worker_connections 10000; } #You can configure proxy, cache, definition log, virtual host and third-party module functions http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; #Support download function sendfile on; #tcp_nopush on; #keepalive_timeout 0; #Connection hold, default 65 seconds keepalive_timeout 65; #Enable gzip compression mode to compress the page gzip on; #server is the virtual host module of nginx. It can only be written in the http module and cannot be written globally. server { #Listening port of the virtual host listen 80; #The domain name of the virtual host can be multiple, but it must be separated by "," server_name localhost; #Specify the default encoding of the virtual server (the default character set of the web page) charset utf-8; #access_log logs/host.access.log main; #Specify the default working directory of the virtual host. There can be multiple locations in a server. location/{ roothtml; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; #location refers to uri, here I changed it to /test location = /test { #root refers to the url. If it is written as root /opt/html, it will go to /opt/html/ to find the index.html file under test/ #If root html, then find the index.html file under test/ from the nginx default location #You can also write alias /opt/html/ here to find the .html file in the /opt/html/ directory. If you want to find the .html file under /opt/html/test/, it must be accurate to /opt/html/ test roothtml; #Name of the page index index.html index.htm; } #There’s more at the bottom, but it’s not important anymore
Linux limits the maximum number of files that can be opened, so the number of worker_connections cannot exceed it. If you want to increase the number of worker_connections, you must first change vim /etc/security/limits.conf (the virtual machine must be restarted to take effect)
Highlights of the configuration file:
- events module: configure the number of connections
- http module: proxy address, log, virtual host are all in http
- An http module can have multiple server blocks, and the server module can only be in the http module.
- The location module can only be written in the server module. A server module can have multiple locations (matching the working directory)
- The difference between root and alias for specifying the working directory: root is a splicing process; alias is an exact match. Root can be in the server block, but alias can only be in location. If the uri matched by alias is /, it must end with /, root unnecessary
Experiment 1: Access status statistics
- First use the command nginx -V to check whether the installed Nginx contains the HTTP_STUB_STATUS module
- Modify the nginx.conf configuration file, specify the access location and add the stub_status configuration
- Restart the service:
systemctl restart nginx
- Visit IP/status in the browser
Active connections: Indicates the current number of active connections;
server accepts handled requests: indicates the connection information that has been processed,
The three numbers represent the number of processed connections, the number of successful TCP handshakes, and the number of processed requests.
Reading: The number of connections currently being read by the client. This indicates that the server is reading the request data from the client.
Writing: The number of connections currently writing responses to the client. This indicates that the server is sending response data to the client.
Waiting: The number of connections currently waiting for client requests. This indicates that a connection is idle, waiting for new requests.
Experiment 2: Authorization-based access control
- First install the httpasswd tool:
yum install -y httpd-tools
- Create a user and store user information in passwd.db:
htpasswd -c /usr/local/nginx/passwd.db zhangsan
- Only root and nginx users can read, and the permission here can only write 400:
chown nginx /usr/local/nginx/passwd.db chmod 400 /usr/local/nginx/passwd.db
- Modify nginx.conf:
- Check the syntax and restart the service:
- At this time, you need to enter the account password when accessing in the browser:
After entering it correctly, you can access it normally:
Experiment 3: Client-based access control
- Let’s talk about the access control rules first:
Deny IP/IP segment: Deny client access from a certain IP or IP segment.
allow IP/IP segment: Allow client access from a certain IP or IP segment.
The rules are executed from top to bottom. If they are matched, they will stop and no further matching will be performed. - Restart the service and verify:
A 403 error occurred when using curl to access the page on 192.168.188.13 (a prohibited client).
It is normal when accessing on 192.168.188.11 (allowed)
Experiment 4: Nginx virtual host based on domain name
- Provide domain name resolution for the virtual host. Note that whoever uses it as the client writes it in the configuration:
echo "192.168.233.21 www.kgc.com www.accp.com" >> /etc/hosts
- Prepare web documents for the virtual host:
mkdir -p /var/www/html/kgc mkdir -p /var/www/html/accp echo "<h1>www.kgc.com</h1>" > /var/www/html/kgc/index.html echo "<h1>www.accp.com</h1>" > /var/www/html/accp/index.html
- Modify Nginx configuration file:
- Access on the client:
Experiment 5: IP-based Nginx virtual host
- First create a virtual network card as the IP of another server:
ifconfig ens33:0 192.168.188.100 netmask 255.255.255.0
- Modify configuration file:
- Restart and test:
Experiment 6: Port-based Nginx virtual host
- Modify configuration file:
- Restart the service and test:
The knowledge points of the article match the official knowledge archives, and you can further learn relevant knowledge. Cloud native entry-level skills treeService grid (istio)ServiceMesh introduction 17075 people are learning the system