nginx website service (1. Small experiment)

nginx is a high-performance and lightweight web service software that provides static page services, that is, files in plain text format, usually files with the suffix .html or .htm.

Features:

Average stability (lots of bugs, so updates and iterations are fast)
Open source (free), can be repackaged (secondary development)
The consumption of system resources is very low, and it can handle the http protocol (a single physical server can support 30,000-50,000 concurrent requests, and the number is generally set to 20,000 during work, in order to maintain the stability of the server)

Functions of nginx:

To process static pages, you can directly provide file services for static pages. HTML, pictures, and animations are also available. Ability to efficiently process and respond to requests for static pages
Reverse proxy to achieve load balancing and high availability through reverse proxy
To handle dynamic requests (not a strong point), nginx forwards the dynamic requests to the back-end server, which is processed by a server that specializes in handling dynamic requests. Then, after the dynamic requests are processed, nginx still responds to the client.
Supports encrypted http protocol (https)
Support virtual host
Support URL redirection (page jump)
nginx has its own caching mechanism, which can cache the content of static pages and reduce the pressure on the back-end server.
nginx comes with log records, access records (which hosts have accessed the local nginx service), and error logs (records of access failures; errors in configuration files; records of nginx startup failures)
Can support module expansion, can load different modules and custom configurations
Low memory consumption
Support hot deployment, you can update configuration files and upgrade versions without downtime

The main application scenarios of nginx at work:

Static page service
Forward dynamic requests
Reverse proxy, load balancing
Caching service
Connection persistence and session persistence

nginx installation

Install dependent environment:

yum -y install gcc pcre-devel openssl-devel zlib-devel openssl openssl-devel

Create a user:
```
useradd -M -s /sbin/nologin nginx
```
-M do not create a home directory
-s specifies shell
Unzip:
```
tar -xf nginx-1.22.0.tar.gz
```

Enter the software package directory for installation configuration:

#Specify the installation location
./configure --prefix=/usr/local/nginx \
#Specify username
--user=nginx \
#Specify the group
--group=nginx \
#Support https protocol
--with-http_ssl_module \
#Support http2.0 protocol
--with-http_v2_module \
#Support obtaining real IP from the client
--with-http_realip_module \
#Support methods for accessing nginx status information
--with-http_stub_status_module \
#Support the function of compressing pages
--with-http_gzip_static_module \
#Support pcre library
--with-pcre \
#Support stream module and can support four-layer proxy
--with-stream \
#Layer 4 proxy that supports encrypted transmission
--with-stream_ssl_module \
#Allow nginx to obtain the client's real IP address from the header of the proxy (proxy protocol)
--with-stream_realip_module

Compile and install:
```
make & amp; & amp; make install
```
Enter the /usr/local/ directory and change the user and group of the nginx/ directory under it to nginx:
```
cd /usr/local
chown -R nginx:nginx nginx/
```
Explain the files in the /usr/local/nginx/ directory:
conf: nginx configuration file directory, nginx.conf is the main configuration file
html: Saves the web file of nginx, which is the working directory
logs: log file directory
sbin: nginx binary startup script file
Set a soft link for nginx to facilitate the use of commands:
```
ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
```

Add startup service for nginx:

vim /lib/systemd/system/nginx.service

Add the following content to the file:

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/run/nginx.pid
#Pay attention to the file location. If it is wrong, it will not start.
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
#Note the startup file location
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target

Create a directory for the run file:
```
mkdir /usr/local/nginx/run
```
Modify the nginx configuration file:
```
vim /usr/local/nginx/conf/nginx.conf
```
Only change one pid position for the time being:

Start the service:

systemctl daemon-reload
systemctl restart nginx

Write something in the page file:
```
vim /usr/local/nginx/html/index.html
```
All previous content can be deleted:
Enter the virtual machine IP address in the browser to see the written content. If it is not displayed, remember to turn off the firewall:
```
systemctl stop firewalld
setenforce 0
```

Usage of nginx command:

nginx -t checks whether the configuration file syntax and configuration items are correct
nginx -v show version
nginx -V displays the version and configuration items

Detailed explanation of nginx.conf configuration:

Take a look at it, it will be used frequently later.

#Running user, if not specified during compilation, the default is nobody
#user nobody;
#The number of working processes is generally twice the number of CPU cores. If the number of accesses is not large, 1 is enough.
worker_processes 2;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#Specify the location of the nginx pid file
pid /usr/local/nginx/run/nginx.pid;

#The above is a global configuration and takes effect for all users.

events {
#The number of concurrent connections each process can support
    worker_connections 10000;
}


#You can configure proxy, cache, definition log, virtual host and third-party module functions
http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

#Support download function
    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
#Connection hold, default 65 seconds
    keepalive_timeout 65;

#Enable gzip compression mode to compress the page
    gzip on;
#server is the virtual host module of nginx. It can only be written in the http module and cannot be written globally.
    server {
#Listening port of the virtual host
        listen 80;
#The domain name of the virtual host can be multiple, but it must be separated by ","
        server_name localhost;

#Specify the default encoding of the virtual server (the default character set of the web page)
        charset utf-8;

        #access_log logs/host.access.log main;

#Specify the default working directory of the virtual host. There can be multiple locations in a server.
        location/{
            roothtml;
            index index.html index.htm;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
#location refers to uri, here I changed it to /test
        location = /test {
#root refers to the url. If it is written as root /opt/html, it will go to /opt/html/ to find the index.html file under test/
#If root html, then find the index.html file under test/ from the nginx default location
#You can also write alias /opt/html/ here to find the .html file in the /opt/html/ directory. If you want to find the .html file under /opt/html/test/, it must be accurate to /opt/html/ test
            roothtml;
#Name of the page
            index index.html index.htm;
        }
#There’s more at the bottom, but it’s not important anymore

Linux limits the maximum number of files that can be opened, so the number of worker_connections cannot exceed it. If you want to increase the number of worker_connections, you must first change vim /etc/security/limits.conf (the virtual machine must be restarted to take effect)

Highlights of the configuration file:

events module: configure the number of connections
http module: proxy address, log, virtual host are all in http
An http module can have multiple server blocks, and the server module can only be in the http module.
The location module can only be written in the server module. A server module can have multiple locations (matching the working directory)
The difference between root and alias for specifying the working directory: root is a splicing process; alias is an exact match. Root can be in the server block, but alias can only be in location. If the uri matched by alias is /, it must end with /, root unnecessary

Experiment 1: Access status statistics

First use the command nginx -V to check whether the installed Nginx contains the HTTP_STUB_STATUS module
Modify the nginx.conf configuration file, specify the access location and add the stub_status configuration
Restart the service:
```
systemctl restart nginx
```
Visit IP/status in the browser
Active connections: Indicates the current number of active connections;
server accepts handled requests: indicates the connection information that has been processed,
The three numbers represent the number of processed connections, the number of successful TCP handshakes, and the number of processed requests.
Reading: The number of connections currently being read by the client. This indicates that the server is reading the request data from the client.
Writing: The number of connections currently writing responses to the client. This indicates that the server is sending response data to the client.
Waiting: The number of connections currently waiting for client requests. This indicates that a connection is idle, waiting for new requests.

Experiment 2: Authorization-based access control

First install the httpasswd tool:
```
yum install -y httpd-tools
```
Create a user and store user information in passwd.db:
```
htpasswd -c /usr/local/nginx/passwd.db zhangsan
```
Only root and nginx users can read, and the permission here can only write 400:
```
chown nginx /usr/local/nginx/passwd.db
chmod 400 /usr/local/nginx/passwd.db
```
Modify nginx.conf:
Check the syntax and restart the service:
At this time, you need to enter the account password when accessing in the browser:
After entering it correctly, you can access it normally:

Experiment 3: Client-based access control

Let’s talk about the access control rules first:
Deny IP/IP segment: Deny client access from a certain IP or IP segment.
allow IP/IP segment: Allow client access from a certain IP or IP segment.
The rules are executed from top to bottom. If they are matched, they will stop and no further matching will be performed.
Restart the service and verify:
A 403 error occurred when using curl to access the page on 192.168.188.13 (a prohibited client).

It is normal when accessing on 192.168.188.11 (allowed)

Experiment 4: Nginx virtual host based on domain name

Provide domain name resolution for the virtual host. Note that whoever uses it as the client writes it in the configuration:
```
echo "192.168.233.21 www.kgc.com www.accp.com" >> /etc/hosts
```

Prepare web documents for the virtual host:

mkdir -p /var/www/html/kgc
mkdir -p /var/www/html/accp
echo "<h1>www.kgc.com</h1>" > /var/www/html/kgc/index.html
echo "<h1>www.accp.com</h1>" > /var/www/html/accp/index.html

Modify Nginx configuration file:
Access on the client:

Experiment 5: IP-based Nginx virtual host

First create a virtual network card as the IP of another server:
```
ifconfig ens33:0 192.168.188.100 netmask 255.255.255.0
```
Modify configuration file:
Restart and test:

Experiment 6: Port-based Nginx virtual host

Modify configuration file:
Restart the service and test:

The knowledge points of the article match the official knowledge archives, and you can further learn relevant knowledge. Cloud native entry-level skills treeService grid (istio)ServiceMesh introduction 17075 people are learning the system