[Linux] Deploy WEB service: Nginx


  • Overview
  • Nginx
    • 1 Introduction
    • 2.Nginx file path
    • 3.Nginx detailed explanation
      • (1) Install Nginx
      • (2) Start Nginx
      • (3)Access Nginx
      • 4.Nginx configuration file
        • a.nginx.conf
      • (4) Start demonstration:
        • a. Create two new website root directories
        • b. Create two new index.html in the root directories of the two websites respectively.
        • c. Create a new virtual host configuration file
        • d. Restart the service
        • e. In order to resolve the local domain name of circle.com: you need to modify the named configuration file
        • f. Access the domain name we defined: the results are as follows
      • g. Error: Failed to connect to www.circledba.com port 80
    • 4. Configure HTTPS website
      • a. Modify the web2 website to an HTTPS website
      • b. Modify the content as:
      • c. The SSL certificate will be stored in the /etc/pki/nginx/web2/ directory: create a new directory
      • d. Generate certificate file
      • e. Restart the service
        • f. Check the server port
        • g. Visit and try

Overview

  • HTTP (HyperText Transfer Protocol) is the most commonly used network protocol on the Internet. One of its most important applications is the WWW service. HTTP was originally designed to provide a request/response method for publishing and receiving HTML (a page markup language) pages.
  • HTTP is one of the most commonly used communication protocols on the Internet. It has many applications, but the most popular is communication between Web browsers and Web servers, that is, WWW applications or Web applications.
  • WWW (World Wide Web), often simply called the Web, is currently the most popular form of information service among users on the Internet. The default port of the HTTP-based WWW service is 80. The default port of the encrypted WWW service, HTTPS, is 443; it is mainly used for online banking, payment and other money-related businesses. Today the terms HTTP service, WWW service and Web service are used interchangeably, and they all refer to the most common website service applications.

Nginx

1. Introduction

  • Nginx (engine x) is a high-performance HTTP and reverse proxy web server that also provides IMAP/POP3/SMTP reverse proxy services. Nginx was developed by Igor Sysoev for Rambler.ru (Russian: Рамблер), the second most visited site in Russia. The first public version, 0.1.0, was released on October 4, 2004. Its source code is released under a BSD-like license, and it is known for its stability, rich feature set, sample configuration files, and low system resource consumption.
  • Its characteristics are a small memory footprint and strong concurrency. In fact, nginx's concurrency performance is among the best of web servers of the same type. Users of nginx in mainland China include Baidu, JD.com, Sina, NetEase, Tencent, Taobao, etc.

2.Nginx file path

Package name: nginx
Default Web directory: /usr/share/nginx/html
Configuration file home directory: /etc/nginx/
Main configuration file: /etc/nginx/nginx.conf

3.Nginx detailed explanation

The following operations are performed on Server2

(1) Install Nginx

yum install -y nginx
[root@server2 ~]# yum install -y nginx
Last metadata expiration check: 0:37:17 ago on Tuesday, November 14, 2023 07:15:23.
Dependencies resolved.
================================================== ================================================== ================================================== ================================================== =========================================
 Package Architecture Version Repository Size
================================================== ================================================== ================================================== ================================================== =========================================
Installing:
 nginx x86_64 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 557 k
Installing dependencies:
 gd x86_64 2.3.0-4.uel20 UnionTechOS-Server-20-everything 142 k
 gperftools-libs x86_64 2.8-1.up1.uel20 UnionTechOS-Server-20-everything 265 k
 nginx-all-modules noarch 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 7.0 k
 nginx-filesystem noarch 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 8.0 k
 nginx-mod-http-image-filter x86_64 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 16 k
 nginx-mod-http-perl x86_64 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 26 k
 nginx-mod-http-xslt-filter x86_64 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 15 k
 nginx-mod-mail x86_64 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 47 k
 nginx-mod-stream x86_64 1:1.21.5-2.up1.uel20 UnionTechOS-Server-20-everything 69 k

Transaction Summary
================================================== ================================================== ================================================== ================================================== =========================================
Install 10 Packages

Total download size: 1.1M
Installed size: 4.0M
Downloading Packages:
(1/10): gperftools-libs-2.8-1.up1.uel20.x86_64.rpm 137 kB/s | 265 kB 00:01
(2/10): gd-2.3.0-4.uel20.x86_64.rpm 50 kB/s | 142 kB 00:02
(3/10): nginx-all-modules-1.21.5-2.up1.uel20.noarch.rpm 6.6 kB/s | 7.0 kB 00:01
(4/10): nginx-filesystem-1.21.5-2.up1.uel20.noarch.rpm 44 kB/s | 8.0 kB 00:00
(5/10): nginx-mod-http-image-filter-1.21.5-2.up1.uel20.x86_64.rpm 86 kB/s | 16 kB 00:00
(6/10): nginx-mod-http-perl-1.21.5-2.up1.uel20.x86_64.rpm 72 kB/s | 26 kB 00:00
(7/10): nginx-mod-http-xslt-filter-1.21.5-2.up1.uel20.x86_64.rpm 48 kB/s | 15 kB 00:00
(8/10): nginx-mod-mail-1.21.5-2.up1.uel20.x86_64.rpm 118 kB/s | 47 kB 00:00
(9/10): nginx-mod-stream-1.21.5-2.up1.uel20.x86_64.rpm 108 kB/s | 69 kB 00:00
(10/10): nginx-1.21.5-2.up1.uel20.x86_64.rpm 76 kB/s | 557 kB 00:07
-------------------------------------------------- -------------------------------------------------- -------------------------------------------------- -------------------------------------------------- ----------------------------------------
Total 158 kB/s | 1.1 MB 00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing: 1/1
  Running scriptlet: nginx-filesystem-1:1.21.5-2.up1.uel20.noarch 1/10
  Installing: nginx-filesystem-1:1.21.5-2.up1.uel20.noarch 1/10
  Installing: gperftools-libs-2.8-1.up1.uel20.x86_64 2/10
  Installing: gd-2.3.0-4.uel20.x86_64 3/10
  Running scriptlet: gd-2.3.0-4.uel20.x86_64 3/10
  Installing: nginx-mod-http-perl-1:1.21.5-2.up1.uel20.x86_64 4/10
  Running scriptlet: nginx-mod-http-perl-1:1.21.5-2.up1.uel20.x86_64 4/10
  Installing: nginx-mod-http-xslt-filter-1:1.21.5-2.up1.uel20.x86_64 5/10
  Running scriptlet: nginx-mod-http-xslt-filter-1:1.21.5-2.up1.uel20.x86_64 5/10
  Installing: nginx-mod-mail-1:1.21.5-2.up1.uel20.x86_64 6/10
  Running scriptlet: nginx-mod-mail-1:1.21.5-2.up1.uel20.x86_64 6/10
  Installing: nginx-mod-stream-1:1.21.5-2.up1.uel20.x86_64 7/10
  Running scriptlet: nginx-mod-stream-1:1.21.5-2.up1.uel20.x86_64 7/10
  Installing: nginx-1:1.21.5-2.up1.uel20.x86_64 8/10
  Running scriptlet: nginx-1:1.21.5-2.up1.uel20.x86_64 8/10
  Installing: nginx-mod-http-image-filter-1:1.21.5-2.up1.uel20.x86_64 9/10
  Running scriptlet: nginx-mod-http-image-filter-1:1.21.5-2.up1.uel20.x86_64 9/10
  Installing: nginx-all-modules-1:1.21.5-2.up1.uel20.noarch 10/10
  Running scriptlet: nginx-all-modules-1:1.21.5-2.up1.uel20.noarch 10/10
  Verifying: gd-2.3.0-4.uel20.x86_64 1/10
  Verifying: gperftools-libs-2.8-1.up1.uel20.x86_64 2/10
  Verifying: nginx-1:1.21.5-2.up1.uel20.x86_64 3/10
  Verifying: nginx-all-modules-1:1.21.5-2.up1.uel20.noarch 4/10
  Verifying: nginx-filesystem-1:1.21.5-2.up1.uel20.noarch 5/10
  Verifying: nginx-mod-http-image-filter-1:1.21.5-2.up1.uel20.x86_64 6/10
  Verifying: nginx-mod-http-perl-1:1.21.5-2.up1.uel20.x86_64 7/10
  Verifying: nginx-mod-http-xslt-filter-1:1.21.5-2.up1.uel20.x86_64 8/10
  Verifying: nginx-mod-mail-1:1.21.5-2.up1.uel20.x86_64 9/10
  Verifying: nginx-mod-stream-1:1.21.5-2.up1.uel20.x86_64 10/10

Installed:
  gd-2.3.0-4.uel20.x86_64 gperftools-libs-2.8-1.up1.uel20.x86_64 nginx-1:1.21.5-2.up1.uel20.x86_64 nginx-all-modules-1:1.21.5-2.up1.uel20.noarch
  nginx-filesystem-1:1.21.5-2.up1.uel20.noarch nginx-mod-http-image-filter-1:1.21.5-2.up1.uel20.x86_64 nginx-mod-http-perl-1:1.21.5-2.up1.uel20.x86_64 nginx-mod-http-xslt-filter-1:1.21.5-2.up1.uel20.x86_64
  nginx-mod-mail-1:1.21.5-2.up1.uel20.x86_64 nginx-mod-stream-1:1.21.5-2.up1.uel20.x86_64

Complete!


(2) Start Nginx

systemctl start nginx

(3)Access Nginx

[root@server2 ~]# curl 192.168.122.2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Test Page for the Nginx HTTP Server on UnionTech</title>
        <style type="text/css">

4.Nginx configuration file

a. nginx.conf
[root@server2 ~]# egrep -v '#|^$' /etc/nginx/nginx.conf
user nginx;                               # running user
worker_processes auto;
error_log /var/log/nginx/error.log;       # error log
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;  # module configuration files
events {
    worker_connections 1024;              # number of connections per worker process
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;                 # keep-alive session timeout
    types_hash_max_size 4096;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        listen [::]:80;
        server_name _;
        root /usr/share/nginx/html;           # home directory of the website project
        include /etc/nginx/default.d/*.conf;  # include other configuration files
        error_page 404 /404.html;             # error page
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    # Configure the HTTPS website
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name _;
        root /usr/share/nginx/html;

        ssl_certificate "/etc/pki/nginx/server.crt";
        ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

}


(4) Start demonstration:

a. Create two new website root directories
[root@server2 ~]# cd /usr/share/nginx/html/
[root@server2 html]# mkdir web{1,2}
[root@server2 html]# ls -l
total 0
drwxr-xr-x 2 root root 6 November 14 06:34 web1
drwxr-xr-x 2 root root 6 November 14 06:34 web2
b. Create two new index.html in the root directories of the two websites
[root@server2 html]# vi web1/index.html
[root@server2 html]# vi web2/index.html
[root@server1 html]#ls web1
index.html
[root@server1 html]#ls web2
index.html
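c. Create a new virtual host configuration file
The listing below uses Apache httpd's <VirtualHost> syntax under /etc/httpd/conf.d/ on Server1, which nginx does not read. For nginx on Server2, each site is a server { } block in a .conf file under /etc/nginx/conf.d/ (included by the nginx.conf shown above), in the same form as the web2.conf in section 4.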
[root@server1 html]# cd /etc/httpd/conf.d/
[root@server1 conf.d]# vi web1.conf
[root@server1 conf.d]# vi web2.conf
[root@server1 conf.d]# cat web1.conf
<VirtualHost 192.168.122.1:80>
ServerName www.circle.com
ServerAdmin [email protected]
DocumentRoot /var/www/html/web1
</VirtualHost>
[root@server1 conf.d]# cat web2.conf
<VirtualHost 192.168.122.1:80>
        ServerName admin.circle.com
        ServerAdmin [email protected]
        DocumentRoot /var/www/html/web2
</VirtualHost>
d. Restart the service
systemctl restart nginx
e. To resolve the local domain name of circle.com, you need to modify the named configuration file

Continue to modify named on Server1:

vi /etc/named.conf

The modified file content is as follows

[root@server1 named]# cat /etc/named.conf
options {
        listen-on port 53 { 192.168.122.1; };
        directory "/var/named";
        allow-query { any; };
};

zone "uos.com" IN {
        type master;
        file "uos.com.db";
};

zone "circle.com" IN {
        type master;
        file "circle.com.db";
};

zone "circledba.com" IN {
        type master;
        file "circledba.com.db";
};

zone "." IN {
        type hint;
        file "named.ca";
};

[root@server1 named]# cp -p circle.com.db circledba.com.db
[root@server1 named]# ls -l
total 28
-rw-r----- 1 root named 246 November 13 16:29 circle.com.db
drwxrwx--- 2 named named 6 October 12 2022 data
drwxrwx--- 2 named named 6 October 12 2022 dynamic
-rw-r----- 1 root named 2253 October 12 2022 named.ca
-rw-r----- 1 root named 152 October 12 2022 named.empty
-rw-r----- 1 root named 152 October 12 2022 named.localhost
-rw-r----- 1 root named 168 October 12 2022 named.loopback
drwxrwx--- 2 named named 6 October 12 2022 slaves
-rw-r----- 1 root named 246 November 13 16:29 uos.com.db
-rw-r----- 1 root named 238 November 13 16:07 uos.com.files
[root@server1 named]# vi circledba.com.db
[root@server1 named]# cat circledba.com.db
$TTL 1D
@       IN SOA  ns.circledba.com. root.ns.circledba.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.circle.com.
ns      IN A    192.168.122.2
www     IN A    192.168.122.2
admin   IN A    192.168.122.2
oa      IN A    192.168.122.2
[root@server1 named]# systemctl restart named
f. Visit the domain name we defined: the results are as follows
[root@server1 named]# curl www.circledba.com
this is nginx1;
[root@server1 named]# curl admin.circledba.com
this is nginx2;
[root@server1 named]#

g. Error: Failed to connect to www.circledba.com port 80

[root@server1 named]# curl www.circledba.com
curl: (7) Failed to connect to www.circledba.com port 80: No route to host

If this happens, check the firewall on the server: either open port 80 or stop the firewall.

4. Configure HTTPS website

a. Modify the web2 website to an HTTPS website

[root@server2 conf.d]# pwd
/etc/nginx/conf.d
[root@server2 conf.d]# vi web2.conf

b. Modify the content to:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name admin.circledba.com;
    root /usr/share/nginx/html/web2;

    ssl_certificate "/etc/pki/nginx/web2/server.crt";
    ssl_certificate_key "/etc/pki/nginx/web2/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

c. The SSL certificate will be stored in the /etc/pki/nginx/web2/ directory, so create the directory:

mkdir -p /etc/pki/nginx/web2/

d. Generate certificate file

[root@server2 conf.d]# openssl req -new -x509 -days 365 -nodes -out /etc/pki/nginx/web2/server.crt -keyout /etc/pki/nginx/web2/server.key -subj "/C=CN/ST=China/L=Beijing/O=circledba.com/OU=circledba.com/CN=server2.circledba.com"
Generating a RSA private key
...........+++++
...........+++++
writing new private key to '/etc/pki/nginx/web2/server.key'
-----
[root@server2 conf.d]# ls -l /etc/pki/nginx/web2/
total 8
-rw-r--r-- 1 root root 1403 November 14 10:21 server.crt
-rw------- 1 root root 1704 November 14 10:21 server.key

e. Restart the service

systemctl restart nginx
f. View server port
[root@server2 conf.d]# netstat -an | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp6 0 0 :::443 :::* LISTEN
g. Try visiting
[root@server2 conf.d]# curl https://admin.circledba.com -k
this is nginx2;

The request succeeds.

The -k option tells curl to skip certificate verification. Without -k, curl rejects our self-signed certificate because it was not issued by a trusted CA, as shown below:

[root@server2 conf.d]# curl https://admin.circledba.com
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
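
The certificate generated in step d names CN=server2.circledba.com, while the site is served as admin.circledba.com, so curl would still reject it for a hostname mismatch even if the certificate were trusted. The shell script below is an added example, not from the original post: it issues a self-signed certificate whose subjectAltName matches the site name and checks the match with openssl, so that curl can verify it with --cacert instead of -k. The function names make_cert, cert_matches and key_is_private and the scratch directory are assumptions; -addext requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: self-signed certificate that matches the site name.
# Assumes OpenSSL 1.1.1+ (-addext); the function names are illustrative.

# make_cert DIR CN [SAN_HOST]
# Writes DIR/server.key and DIR/server.crt. With only CN it mirrors the
# command in step d; with SAN_HOST it also adds a subjectAltName entry.
make_cert() {
    dir=$1; cn=$2; san=${3:-}
    mkdir -p "$dir" && chmod 700 "$dir"
    set -- -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -subj "/C=CN/ST=China/L=Beijing/O=circledba.com/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.crt"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=DNS:$san"
    fi
    # Subshell umask keeps the private key readable by its owner only.
    ( umask 077; openssl req "$@" 2>/dev/null )
}

# cert_matches CRT HOST: exit 0 only if the certificate is valid for HOST.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# key_is_private KEY: exit 0 only if the key file mode is exactly 0600.
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a scratch directory (constructed input; nothing under /etc changes).
demo=$(mktemp -d)
make_cert "$demo/step-d" server2.circledba.com
make_cert "$demo/fixed" admin.circledba.com admin.circledba.com
for c in step-d fixed; do
    if cert_matches "$demo/$c/server.crt" admin.circledba.com; then
        echo "$c: valid for admin.circledba.com"
    else
        echo "$c: NOT valid for admin.circledba.com"
    fi
done
rm -rf "$demo"
```

On the server, point make_cert at /etc/pki/nginx/web2, restart nginx, and test with curl --cacert /etc/pki/nginx/web2/server.crt https://admin.circledba.com.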