大纲
一、环境准备
二、编译安装Nginx
三、相关模块与指令介绍
一、环境准备
系统环境
CentOS5.8 x86_64
软件包
nginx-1.8.0.tar.gz(源码包)
拓扑图
1、时间同步
[root@soysauce ~]# ntpdate s2c.time.edu.cn 18 Jan 12:44:37 ntpdate[25250]: adjust time server 202.112.10.36 offset -0.007795 sec
2、关闭iptables和selinux
[root@soysauce ~]# sed -r -i "s/^(SELINUX=).*/\1permissive/g" /etc/sysconfig/selinux [root@soysauce ~]# setenforce 0 [root@soysauce ~]# getenforce Permissive
二、编译安装Nginx
1、下载源码包
[root@soysauce ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
2、解决依赖关系和创建nginx用户和组
[root@soysauce ~]# yum groupinstall -y "Development Tools" "Development Libraries" [root@soysauce ~]# yum install openssl-devel pcre-devel [root@soysauce ~]# groupadd -r nginx [root@soysauce ~]# useradd -r -g nginx nginx
3、编译安装
[root@soysauce ~]# tar xf nginx-1.8.0.tar.gz [root@soysauce ~]# cd nginx-1.8.0 [root@soysauce nginx-1.8.0]# ls auto CHANGES CHANGES.ru conf configure contrib html LICENSE Makefile man objs README src [root@soysauce nginx-1.8.0]# ./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre 显示我们自定义的配置信息和编译选项 Configuration summary + using system PCRE library + using system OpenSSL library + md5: using OpenSSL library + sha1: using OpenSSL library + using system zlib library nginx path prefix: "/usr" nginx binary file: "/usr/sbin/nginx" nginx configuration prefix: "/etc/nginx" nginx configuration file: "/etc/nginx/nginx.conf" nginx pid file: "/var/run/nginx/nginx.pid" nginx error log file: "/var/log/nginx/error.log" nginx http access log file: "/var/log/nginx/access.log" nginx http client request body temporary files: "/var/tmp/nginx/client/" nginx http proxy temporary files: "/var/tmp/nginx/proxy/" nginx http fastcgi temporary files: "/var/tmp/nginx/fcgi/" nginx http uwsgi temporary files: "/var/tmp/nginx/uwsgi" nginx http scgi temporary files: "/var/tmp/nginx/scgi" 编译安装 [root@soysauce nginx-1.8.0]# make && make install 补充: Nginx可以使用Tmalloc(快速、多线程的malloc库及优秀性能分析工具)来加速内存分配 使用此功能需要事先安装gperftools,而后在编译nginx添加--with-google_perftools_module选项即可
4、为nginx提供SysV init脚本
[root@soysauce nginx-1.8.0]# vim /etc/rc.d/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse # proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed ‘s/[^*]*--user=\([^ ]*\).*/\1/g‘ -`
options=`$nginx -V 2>&1 | grep ‘configure arguments:‘`
for opt in $options; do
if [ `echo $opt | grep ‘.*-temp-path‘` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
添加执行权限,并加入到服务列表中
[root@soysauce nginx-1.8.0]# chmod +x /etc/rc.d/init.d/nginx
[root@soysauce nginx-1.8.0]# chkconfig --add nginx
[root@soysauce nginx-1.8.0]# chkconfig nginx on
[root@soysauce nginx-1.8.0]# chkconfig --list nginx
nginx 0:off 1:off 2:on 3:on 4:on 5:on 6:off5、启动Nginx服务,并测试能否访问主页
[root@soysauce nginx-1.8.0]# service nginx start Starting nginx: [ OK ] 查看80端口是否处于监听状态 [root@soysauce nginx-1.8.0]# netstat -tnlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2820/portmap tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 30414/nginx tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 25126/sshd tcp 0 0 0.0.0.0:922 0.0.0.0:* LISTEN 2860/rpc.statd tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 24814/sshd tcp 0 0 :::22 :::* LISTEN 25126/sshd tcp 0 0 ::1:6011 :::* LISTEN 24814/sshd
打开浏览器访问一下
可以看到是能够正常访问的
三、相关模块与指令介绍
1、http核心模块:ngx_http_core_module
(1)、error_page
syntax:error_page code ... [=[response]] uri;
default:—
context:http, server, location, if in location
Example Configuration
location / {
root /web/html;
index index.html index.htm;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}(2)、location
syntax: location [ = | ~ | ~* | ^~ ] uri { ... }
location @name { ... }
default:-
context: server, location
location 匹配优先级
1、Directives with the = prefix that match the query exactly. If found, searching stops.
2、All remaining directives with conventional strings, longest match first. If this match used the ^~ prefix, searching stops.
3、Regular expressions, in order of definition in the configuration file.
4、If #3 yielded a match, that result is used. Else the match from #2 is used.
=前缀的指令严格匹配这个查询。如果找到,停止搜索;即 = 优先级最高
所有剩下的常规字符串,最长的匹配。如果这个匹配使用^~前缀,搜索停止;接着是^~
正则表达式,在配置文件中定义的顺序;接着是~和~*
如果第3条规则产生匹配的话,结果被使用。否则,如同从第2条规则被使用。
Examples:
location = / {
# matches the query / only.
[ configuration A ]
}
location / {
# matches any query, since all queries begin with /, but regular
# expressions and any longer conventional blocks will be
# matched first.
[ configuration B ]
}
location ^~ /images/ {
# matches any query beginning with /images/ and halts searching,
# so regular expressions will not be checked.
[ configuration C ]
}
location ~* ".(gif|jpg|jpeg)$ {
# matches any request ending in gif, jpg, or jpeg. However, all
# requests to the /images/ directory will be handled by
# Configuration C.
[ configuration D ]
}
The “/” request will match configuration A
the “/index.html” request will match configuration B
the “/documents/document.html” request will match configuration C
the “/images/1.gif” request will match configuration D, and the “/documents/1.jpg” request will match configuration E.2、http访问控制模块:ngx_http_access_module
Syntax: allow address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
Syntax: deny address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
Example Configuration
location / {
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
如想只允许特定主机或网段,则使用如下配置
location URI {
allow 172.16.1.106; # 仅允许特定主机
allow 172.16.0.0/16; # 仅允许特定网段
deny all;
}
如想只拒绝定网段访问,则使用如下配置
location URI {
deny 172.16.1.100; # 仅拒绝172.16.1.106访问,其他则可以正常访问
deny 172.16.0.0/16; # 仅拒绝172.16网段访问,其他则可以正常访问
allow all; # 此行不写也行,因为默认规则为allow all
}3、http基本认证模块:ngx_http_auth_basic_module
Syntax: auth_basic string | off;
Default:
auth_basic off;
Context: http, server, location, limit_except
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
Example Configuration
location / {
auth_basic "closed site";
auth_basic_user_file conf/htpasswd;
}
如想实现基于用户的访问认证,则需借助htpasswd,而htpasswd工具是由httpd提供
首先在nginx中定义两个指令 auth_basic 和auth_basic_user_file
location /bbs {
root /web;
index index.html index.htm;
auth_basic "Resticted Area...";
auth_basic_user_file "/etc/nginx/.htpasswd";
}
安装httpd并生成认证用户和密码
[root@soysauce ~]# yum install -y httpd
[root@soysauce nginx]# htpasswd -c -m /etc/nginx/.htpasswd tom
New password:
Re-type new password:
Adding password for user tom
[root@soysauce nginx]# htpasswd -m /etc/nginx/.htpasswd jerry
New password:
Re-type new password:
Adding password for user jerry
[root@soysauce nginx]# cat /etc/nginx/.htpasswd
tom:$apr1$bUDII/..$Nt1lO/TeUH4ic5DJhJ2w.0
jerry:$apr1$Rn6sB/..$hD2s/euOa/ge4hzQUo3dv.
重新载入nginx并测试访问
[root@soysauce nginx]# service nginx reload
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reloading nginx: [ OK ]4、http目录列表自动生成模块:ngx_http_autoindex_module
Syntax: autoindex on | off;
Default:
autoindex off;
Context: http, server, location
是否使用自动目录列表
Syntax: autoindex_exact_size on | off;
Default:
autoindex_exact_size on;
Context: http, server, location
设置目录中列出的文件是显示精确大小,还是对KB,MB,GB进行四舍五入
Syntax: autoindex_format html | xml | json | jsonp;
Default:
autoindex_format html;
Context: http, server, location
This directive appeared in version 1.7.9.
设置目录列表的格式,当使用JSONP格式,回调函数的名称设置回调请求参数。如果参数丢失或为空值则使用JSON格式
Syntax: autoindex_localtime on | off;
Default:
autoindex_localtime off;
Context: http, server, location
设置目录中列出文件的时间是本地时间还是UTC时间
Example Configuration
location / {
autoindex on;
}本文出自 “Hello,Linux” 博客,请务必保留此出处http://soysauce93.blog.51cto.com/7589461/1736108
原文:http://soysauce93.blog.51cto.com/7589461/1736108