Nginx核心配置詳解-創新互聯

1 全局配置

user nginx nginx; # 啟動(dòng)nginx工作進(jìn)程的用戶(hù)和組,默認(rèn)為nobody
worker_processes auto; # 啟動(dòng)nginx工作進(jìn)程的數(shù)量,默認(rèn)為1
worker_cpu_affinity 0001 0010 0100 1000; #將Nginx?作進(jìn)程綁定到指定的CPU核?,默認(rèn)Nginx是不進(jìn)?進(jìn)程綁定的,綁定并不是意味著當(dāng)前nginx進(jìn)程獨(dú)占?核?CPU,但是可以保證此進(jìn)程不會(huì)運(yùn)?在其他核?上,這就極?減少了nginx的?作進(jìn)程在不同的cpu核?上的來(lái)回跳轉(zhuǎn),減少了CPU對(duì)進(jìn)程的資源分配與回收以及內(nèi)存管理等,因此可以有效的提升nginx服務(wù)器的性能,也可以設(shè)置為auto。
可以執(zhí)行以下命令觀察工作進(jìn)程是否一致運(yùn)行在同一核CPU上
[root@CentOS7-01 ~]#watch -n1 'ps axo pid,cmd,psr,user | grep nginx|grep -v grep'
#錯(cuò)誤?志記錄配置,語(yǔ)法:error_log file [debug | info | notice | warn | error | crit | alert | emerg]
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  logs/error.log  error;

pid /run/nginx.pid; # pid文件保存路徑
worker_priority 0; # 工作進(jìn)程nice值,-20~19
worker_rlimit_nofile 65536; #這個(gè)數(shù)字包括Nginx的所有連接(例如與代理服務(wù)器的連接等),?不僅僅是客戶(hù)端的連接,另?個(gè)考慮因素是實(shí)際的并發(fā)連接數(shù)不能超過(guò)系統(tǒng)級(jí)別的最?打開(kāi)?件數(shù)的限制
daemon off; #前臺(tái)運(yùn)?Nginx服務(wù)?于測(cè)試、docker等環(huán)境。
master_process off|on; #是否開(kāi)啟Nginx的master-woker?作模式,僅?于開(kāi)發(fā)調(diào)試場(chǎng)景。
events { #事件模型配置參數(shù)
worker_connections 65536; #設(shè)置單個(gè)?作進(jìn)程的最?并發(fā)連接數(shù)
use epoll; #使?epoll事件驅(qū)動(dòng),Nginx?持眾多的事件驅(qū)動(dòng),?如select、poll、epoll,只能設(shè)置在events模塊中設(shè)置。
accept_mutex on; #優(yōu)化同?時(shí)刻只有?個(gè)請(qǐng)求?避免多個(gè)睡眠進(jìn)程被喚醒的設(shè)置,on為防?被同時(shí)喚醒,默認(rèn)為off,全部喚醒的過(guò)程也成為"驚群",因此nginx剛安裝完以后要進(jìn)?適當(dāng)?shù)膬?yōu)化。
multi_accept on; #Nginx服務(wù)器的每個(gè)?作進(jìn)程可以同時(shí)接受多個(gè)新的?絡(luò)連接,但是需要在配置?件中配置,此指令默認(rèn)為關(guān)閉,即默認(rèn)為?個(gè)?作進(jìn)程只能?次接受?個(gè)新的?絡(luò)連接,打開(kāi)后即可同時(shí)接受多個(gè)。

2 http詳細(xì)配置

# Main HTTP context: shared settings plus one active virtual server on port 80.
# The second virtual host and the HTTPS server further down are commented-out samples.
http {
    include       mime.types; # load the file-extension to MIME-type map
    default_type  application/octet-stream; # fallback type for unmapped files; browsers offer such files as downloads
# Logging section
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
# Custom tuning parameters
    sendfile        on; # zero-copy file transmission
    #tcp_nopush     on; # with sendfile on, batch the data and send it to the client together
    #tcp_nodelay off; # for keep-alive connections: off delays sending by 0.2s; the default (on) sends the response immediately
    #keepalive_timeout  0;
    keepalive_timeout  65; # how long an idle keep-alive connection is kept open
    #gzip  on; # enable response compression

    server {
        listen       80; # listening address and port
        server_name  localhost; # server name(s); several may be listed separated by spaces, regular expressions are supported

        #charset koi8-r; # response character set; the sample value is a Russian encoding, utf-8 can be used instead

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html; # custom error page for these status codes
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1; # forward PHP requests over HTTP to the given web server
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        # NOTE(review): if this sample is enabled, pass only scripts that exist on disk
        # (for example `try_files $uri =404;` inside the location) — confirm against the PHP setup.
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000; # hand PHP requests to the PHP FastCGI server
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht { # refuse web access to .ht* files; many sites use .htaccess to configure redirects and similar
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server { # custom virtual server
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm; # default index file(s); directive provided by ngx_http_index_module
    #    }
    #}

    # HTTPS server
    #
    # NOTE(review): the sample sets ssl_ciphers but no ssl_protocols; if it is enabled,
    # set ssl_protocols explicitly and keep cert.key readable only by the nginx master user.
    #server { # HTTPS server configuration
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

3 核心配置示例

基于不同的IP、端口和域名實(shí)現(xiàn)不同功能的虛擬主機(jī),依賴(lài)于核心模塊ngx_http_core_module實(shí)現(xiàn)。

3.1 新建一個(gè)PC web站點(diǎn)

[root@CentOS7-01 ~]#mkdir /apps/nginx/conf/vhosts
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  location / {
    root html/pc;
  }
}
[root@CentOS7-01 ~]#mkdir /apps/nginx/html/pc
[root@CentOS7-01 ~]#echo "pc web" > /apps/nginx/html/pc/index.html
[root@CentOS7-01 ~]#vim /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/vhosts/*.conf; #添加在http塊
[root@CentOS7-01 ~]#sed -i '1s/$/ pc.hechunping.tech/' /etc/hosts

訪(fǎng)問(wèn)測(cè)試
[root@CentOS7-01 ~]#curl -i pc.hechunping.tech
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 12:07:55 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes

pc web

3.2 新建一個(gè)Mobile web站點(diǎn)

[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/mobile.conf 
server {
  listen 80;
  server_name mobile.hechunping.tech;
  location / {
    root html/mobile;
  }
}
[root@CentOS7-01 ~]#mkdir /apps/nginx/html/mobile
[root@CentOS7-01 ~]#echo "mobile web" > /apps/nginx/html/mobile/index.html
[root@CentOS7-01 ~]#sed -i '1s/$/ mobile.hechunping.tech/' /etc/hosts
[root@CentOS7-01 ~]#systemctl reload nginx

訪(fǎng)問(wèn)測(cè)試
[root@CentOS7-01 ~]#curl -i mobile.hechunping.tech/index.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 12:05:26 GMT
Content-Type: text/html
Content-Length: 11
Last-Modified: Thu, 02 Jan 2020 12:04:43 GMT
Connection: keep-alive
ETag: "5e0ddc5b-b"
Accept-Ranges: bytes

mobile web

3.3 root與alias

3.3.1 root:指定web的家?錄,在定義location的時(shí)候,?件的絕對(duì)路徑等于root+location,如:

[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  location / {
    root html/pc;
  }
  location /about {
    root html/pc; #在pc目錄下,必須要有about這個(gè)目錄,否則訪(fǎng)問(wèn)的時(shí)候會(huì)報(bào)404錯(cuò)誤
  }
}
[root@CentOS7-01 ~]#mkdir /apps/nginx/html/pc/about
[root@CentOS7-01 ~]#echo "about page ..." > /apps/nginx/html/pc/about/index.html

訪(fǎng)問(wèn)測(cè)試
[root@CentOS7-01 ~]#curl -i pc.hechunping.tech/about/index.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 12:28:07 GMT
Content-Type: text/html
Content-Length: 15
Last-Modified: Thu, 02 Jan 2020 12:25:03 GMT
Connection: keep-alive
ETag: "5e0de11f-f"
Accept-Ranges: bytes

about page ...

3.3.2 alias:定義路徑別名,會(huì)把訪(fǎng)問(wèn)的路徑重新定義到其指定的路徑,如:

[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
# Virtual host showing alias: requests under /alpc are answered from html/pc.
server {
  listen 80;
  server_name pc.hechunping.tech;
  location / {
    root html/pc;
  }
  # NOTE(review): a prefix location without a trailing "/" also matches URIs such as
  # /alpc-old; give location and alias matching trailing slashes to confine it to the directory.
  location /alpc { # with alias, if the location URI ends in "/" the alias path must end in "/" too, otherwise requests fail
    alias html/pc; # a request under /alpc is served from /apps/nginx/html/pc
  }
}

訪(fǎng)問(wèn)測(cè)試
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#cat /apps/nginx/html/pc/index.html 
pc web
[root@CentOS7-01 ~]#curl -i pc.hechunping.tech/alpc/index.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 13:07:30 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes

pc web

3.3.3 兩者間的區(qū)別

1)alias指定的目錄是準確的,即location匹配訪問的path目錄下的文件直接是在alias指定的目錄下查找的,location匹配訪問的path目錄的名稱可以任意指定,該類型類似于Linux文件系統的軟連接功能;
2)alias虛擬配置目錄中,location匹配的path目錄后面如果加了"/",則alias指定的目錄后面也必須加"/",否則403
3)root指定的目錄是location匹配訪問的path目錄的父目錄,這個path目錄一定要是真實存在于root指定目錄下的子目錄;
4)root目錄配置中,location匹配的path目錄后面帶不帶"/",都不會影響訪問。

3.4 location的詳細(xì)使用

語(yǔ)法規(guī)則: location [=|~|~*|^~] /uri/ { … }
=   #?于標(biāo)準(zhǔn)uri前,需要請(qǐng)求字串與uri精確匹配,如果匹配成功就停?向下匹配并?即處理請(qǐng)求。
~   #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且區(qū)分??寫(xiě),并且匹配
!~  #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且區(qū)分??寫(xiě),并且不匹配
~*  #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且不區(qū)分?寫(xiě),并且匹配
!~* #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且不區(qū)分??寫(xiě),并且不匹配
^~  #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且匹配以什么開(kāi)頭
$   #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且匹配以什么結(jié)尾
\   #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且轉(zhuǎn)義字符??梢赞D(zhuǎn). * ?等
*   #?于標(biāo)準(zhǔn)uri前,表?包含正則表達(dá)式并且代表任意?度的任意字符

3.4.1 精確匹配

在server部分使用location配置一個(gè)web界面,要求:當(dāng)訪(fǎng)問(wèn)nginx服務(wù)器的指定資源時(shí),顯示指定html文件的內(nèi)容
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  location /test.html {
    root /apps/nginx/html/mobile;
  }

  location = /test.html {
    root /apps/nginx/html/pc;
  }
}
[root@CentOS7-01 ~]#cat /apps/nginx/html/mobile/test.html 
mobile location
[root@CentOS7-01 ~]#cat /apps/nginx/html/pc/test.html 
pc location
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#curl pc.hechunping.tech/test.html
pc location

從上面的測(cè)試結(jié)果可以發(fā)現(xiàn),返回的是精確匹配的內(nèi)容

3.4.2 區(qū)分大小寫(xiě)匹配

只匹配以小寫(xiě)html結(jié)尾的文件
[root@CentOS7-01 mobile]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  location ~ \.html$ {
    root /apps/nginx/html/mobile;
  }
}
[root@CentOS7-01 mobile]#ls /apps/nginx/html/mobile/test.*
/apps/nginx/html/mobile/test.html  /apps/nginx/html/mobile/test.Html
[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.html
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 13:37:42 GMT
Content-Type: text/html
Content-Length: 16
Last-Modified: Fri, 03 Jan 2020 12:53:04 GMT
Connection: keep-alive
ETag: "5e0f3930-10"
Accept-Ranges: bytes

[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.Html
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 03 Jan 2020 13:37:52 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

3.4.3 不區(qū)分大小寫(xiě)匹配

此模式無(wú)論是大小寫(xiě)html結(jié)尾的文件都匹配,大小寫(xiě)可以混合,通常使用此模式匹配用戶(hù)請(qǐng)求的靜態(tài)資源并繼續(xù)做下一步操作
[root@CentOS7-01 mobile]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  location ~* \.html$ {
    root /apps/nginx/html/mobile;
  }
}
[root@CentOS7-01 mobile]#systemctl reload nginx
[root@CentOS7-01 mobile]#ls /apps/nginx/html/mobile/test.*
/apps/nginx/html/mobile/test.html  /apps/nginx/html/mobile/test.Html
[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.html
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 13:44:08 GMT
Content-Type: text/html
Content-Length: 16
Last-Modified: Fri, 03 Jan 2020 12:53:04 GMT
Connection: keep-alive
ETag: "5e0f3930-10"
Accept-Ranges: bytes

[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.Html
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 13:44:14 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Fri, 03 Jan 2020 13:27:17 GMT
Connection: keep-alive
ETag: "5e0f4135-4"
Accept-Ranges: bytes

3.4.4 以某個(gè)URI開(kāi)頭匹配

只匹配以abc開(kāi)頭的uri下的內(nèi)容就結(jié)束搜索,而不會(huì)再匹配uri中包含abc對(duì)應(yīng)目錄下的內(nèi)容
[root@CentOS7-01 mobile]#cat /apps/nginx/conf/vhosts/pc.conf 
# Virtual host with two prefix locations, /abc (with the ^~ modifier) and /babc.
server {
  listen 80;
  server_name pc.hechunping.tech;
  # ^~ is a prefix match, not a regex: when it is the longest matching prefix,
  # regex locations are not checked and the search ends here.
  location ^~ /abc {
    root /apps/nginx/html/mobile;
  }
  # Plain prefix match; /babc contains "abc" but does not start with /abc,
  # so it is handled by this location.
  location /babc {
    root /apps/nginx/html/mobile;
  }
}
[root@CentOS7-01 mobile]#cat /apps/nginx/html/mobile/abc/index.html 
abc page
[root@CentOS7-01 mobile]#cat /apps/nginx/html/mobile/babc/index.html 
babc page
[root@CentOS7-01 mobile]#systemctl reload  nginx
[root@CentOS7-01 mobile]#curl  pc.hechunping.tech/abc/
abc page

3.4.5 不區(qū)分大小寫(xiě)匹配以某個(gè)文件名結(jié)尾的文件

[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  location ~* \.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|wmf|js)$ {
    root /apps/nginx/html/image;
  }
}
[root@CentOS7-01 ~]#ls /apps/nginx/html/image/
1.jpg  2.jpg  3.png  4.jpEg  Ab.jS  timg.jpg
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/4.jpEg
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 14:11:07 GMT
Content-Type: image/jpeg
Content-Length: 16228
Last-Modified: Fri, 03 Jan 2020 14:03:22 GMT
Connection: keep-alive
ETag: "5e0f49aa-3f64"
Accept-Ranges: bytes

[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/Ab.jS
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 14:11:18 GMT
Content-Type: application/javascript
Content-Length: 16228
Last-Modified: Fri, 03 Jan 2020 14:10:19 GMT
Connection: keep-alive
ETag: "5e0f4b4b-3f64"
Accept-Ranges: bytes

[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/3.png
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 14:11:34 GMT
Content-Type: image/png
Content-Length: 16228
Last-Modified: Fri, 03 Jan 2020 14:03:11 GMT
Connection: keep-alive
ETag: "5e0f499f-3f64"
Accept-Ranges: bytes

3.4.6 優(yōu)先級(jí)

匹配優(yōu)先級(jí):=,^~,~/~*,/
location優(yōu)先級(jí):(location =) > (location 完整路徑) > (location ^~ 路徑) > (location ~,~* 正則順序) > (location 部分起始路徑) > (/)

3.4.7 生產(chǎn)使用案例

直接匹配?站根會(huì)加速Nginx訪(fǎng)問(wèn)處理:
location = / {
......;
}
location / {
......;
}
靜態(tài)資源配置:
location ^~ /static/ {
......;
}
# 或者
location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ {
......;
}
多應(yīng)?配置
location ~* /app1 {
    ......;
}
location ~* /app2 {
......;
}

3.5 nginx四層訪(fǎng)問(wèn)控制

訪問控制基于模塊ngx_http_access_module實現,可以通過匹配客戶端源IP地址進行限制,這里只允許192.168.7.72這個ip訪問。注意:匹配的是直接與nginx建立連接的對端地址,如果nginx前面還有代理或負載均衡,需要先用ngx_http_realip_module(set_real_ip_from只填寫可信代理)還原真實客戶端地址,否則該限制會失效或被繞過。
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
# Virtual host restricting /pc to a single client address.
server {
  listen 80;
  server_name pc.hechunping.tech;
  # Only URIs starting with /pc are restricted; no other location is defined here.
  location /pc {
    root /apps/nginx/html;
    # allow/deny rules are checked in order and the first matching rule decides,
    # so the allow line must stay above "deny all".
    allow 192.168.7.72;
    deny all; # every other client is answered with 403
  }
}
訪(fǎng)問(wèn)測(cè)試,192.168.7.72是另一臺(tái)Linux服務(wù)器的地址,這里分別在這臺(tái)Linux服務(wù)器和物理機(jī)上進(jìn)行測(cè)試
Linux服務(wù)器
[root@CentOS7-02 ~]#ifconfig eth0 | awk -F"[ ]+" 'NR==2{print $3}'
192.168.7.72
[root@CentOS7-02 ~]#curl -i pc.hechunping.tech/pc/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 01:45:18 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes

pc web

物理機(jī)
從訪(fǎng)問(wèn)日志中可以發(fā)現(xiàn)403狀態(tài)碼
[root@CentOS7-01 ~]#tail -n1 -f /apps/nginx/logs/access.log 
192.168.7.1 - - [04/Jan/2020:09:46:12 +0800] "GET /pc/ HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"

3.6 nginx賬戶(hù)認(rèn)證功能

1)生成密碼文件,可以使用兩種方法
方法1:使用htpasswd命令生成,需要安裝httpd-tools包。注意:-b參數把密碼直接寫在命令行上,會留在shell歷史記錄和進程列表中,僅適合演示;實際使用時去掉-b,由htpasswd交互式提示輸入密碼。
[root@CentOS7-01 ~]#yum -y install httpd-tools
[root@CentOS7-01 ~]#htpasswd -cb /apps/nginx/conf/.passwd user1 123456 #只有創(chuàng)建第一個(gè)用戶(hù)的時(shí)候需要加-c參數(shù),后面新建用戶(hù)的時(shí)候不用加該參數(shù),否則會(huì)覆蓋前面創(chuàng)建的用戶(hù)名密碼。
Adding password for user user1
[root@CentOS7-01 ~]#htpasswd -b /apps/nginx/conf/.passwd user2 123456
Adding password for user user2
[root@CentOS7-01 ~]#cat /apps/nginx/conf/.passwd 
user1:$apr1$/4bSUD79$AUHF6.EYkLwW6pvtinl/N1
user2:$apr1$F1c./Mk9$k3LBFsZ.EFaTSU6PdMk5r1
方法2:使用openssl命令生成。注意:-crypt是傳統的DES crypt算法,只使用密碼的前8個字符,強度很弱;建議改用openssl passwd -apr1,生成與方法1相同的$apr1$格式。
[root@CentOS7-01 ~]#printf "user1:$(openssl passwd -crypt 123456)\n" > /apps/nginx/conf/.passwd
[root@CentOS7-01 ~]#printf "user2:$(openssl passwd -crypt 123456)\n" >> /apps/nginx/conf/.passwd #在創(chuàng)建第二個(gè)用戶(hù)的時(shí)候使用追加的方式,否則會(huì)覆蓋前面創(chuàng)建的用戶(hù)名密碼。
[root@CentOS7-01 ~]#cat /apps/nginx/conf/.passwd 
user1:/p2JrkKzl2VvY
user2:.yQfiUOWOMJJE
2)配置nginx配置文件
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
# Virtual host protecting /pc with HTTP Basic authentication.
server {
  # NOTE(review): plain HTTP — Basic credentials are only base64-encoded, not encrypted,
  # so they are readable on the wire; serve this location over TLS outside a lab.
  listen 80;
  server_name pc.hechunping.tech;
  location /pc {
    root /apps/nginx/html;
    auth_basic "login password"; # realm string shown in the browser's login prompt
    # htpasswd-format user file; it sits under conf/, outside the served root.
    # NOTE(review): keep it readable only by the account nginx runs as — confirm file mode.
    auth_basic_user_file /apps/nginx/conf/.passwd;
  }
}
[root@CentOS7-01 ~]#systemctl reload nginx
3)訪(fǎng)問(wèn)測(cè)試
在物理機(jī)進(jìn)行訪(fǎng)問(wèn),訪(fǎng)問(wèn)成功的話(huà),在nginx的訪(fǎng)問(wèn)日志中可以獲取到遠(yuǎn)程用戶(hù)信息,如下
[root@CentOS7-01 ~]#tail -n1 -f /apps/nginx/logs/access.log 
192.168.7.1 - user1 [04/Jan/2020:10:20:21 +0800] "GET /pc/ HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"


3.7 自定義錯(cuò)誤頁(yè)面

當(dāng)我們?cè)L問(wèn)一個(gè)不存在的頁(yè)面的時(shí)候,瀏覽器頁(yè)面通常會(huì)報(bào)一個(gè)大大的404 Not Found,這樣看起來(lái)顯然是很不友好的,所以可以通過(guò)自定義錯(cuò)誤頁(yè)面的方式,把404錯(cuò)誤定義成自己寫(xiě)的內(nèi)容
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  error_page 404 /error.html;
  location = /error.html {
    root html;
  }
}
[root@CentOS7-01 ~]#echo "您訪(fǎng)問(wèn)的頁(yè)面不見(jiàn)了~~~" > /apps/nginx/html/error.html
[root@CentOS7-01 ~]#systemctl reload nginx

訪(fǎng)問(wèn)測(cè)試

Nginx核心配置詳解

3.8 自定義訪(fǎng)問(wèn)日志

默認(rèn)情況下,日志存放的路徑是nginx安裝路徑的logs目錄下, 但是我們可以將各個(gè)業(yè)務(wù)的日志剝離開(kāi),這樣方便統(tǒng)計(jì)和管理
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  error_page 404 /error.html;
  access_log /data/nginx/logs/pc.hechunping.tech/access.log;
  error_log /data/nginx/logs/pc.hechunping.tech/error.log;
  location = /error.html {
    root html;
  }
}
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#ls /data/nginx/logs/pc.hechunping.tech/
access.log  error.log

3.9 檢測(cè)文件是否存在

try_files會按順序檢查文件是否存在,返回第一個找到的文件或文件夾(結尾加"/"表示為文件夾),如果所有文件或文件夾都找不到,會進行一個內部重定向到最后一個參數。只有最后一個參數可以引起一個內部重定向,之前的參數只設置內部URI的指向。最后一個參數是回退URI且必須存在,否則會出現內部500錯誤。

[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
# Virtual host using try_files to fall back to a default page under /pc.
server {
  listen 80;
  server_name pc.hechunping.tech;
  location /pc {
    root html;
    # Checked in order: the URI itself, <uri>/index.html, <uri>.html.
    # If none exists, nginx redirects internally to the last argument.
    # "defautl.html" is spelled this way on disk too, so the fallback resolves.
    try_files $uri $uri/index.html $uri.html /pc/defautl.html;
  }
}
[root@CentOS7-01 ~]#cat /apps/nginx/html/pc/defautl.html 
pc default page ...
[root@CentOS7-01 ~]#systemctl reload nginx

訪(fǎng)問(wèn)測(cè)試
當(dāng)訪(fǎng)問(wèn)的資源無(wú)法匹配前面的所有uri時(shí),就會(huì)顯示defautl.html頁(yè)面的內(nèi)容,如下圖

Nginx核心配置詳解

也可以將最后一個(gè)參數(shù)自定義為一個(gè)狀態(tài)碼,如下圖

Nginx核心配置詳解

3.10 長(zhǎng)連接匹配

keepalive_timeout number; #設(shè)定保持連接超時(shí)時(shí)?,0表?禁??連接,默認(rèn)為75s,通常配置在http字段作為站點(diǎn)全局配置 
keepalive_requests number; #在?次?連接上所允許請(qǐng)求的資源的最?數(shù)量,默認(rèn)為100次

keepalive_timeout 65 65; #開(kāi)啟?連接后,返回客戶(hù)端的會(huì)話(huà)保持時(shí)間為65s,單次?連接累計(jì)請(qǐng)求達(dá)到指定次數(shù)請(qǐng)求或65秒就會(huì)被斷開(kāi),后?的65表示發(fā)送給客戶(hù)端的響應(yīng)報(bào)?頭部中顯?的超時(shí)時(shí)間設(shè)置為65s:如不設(shè)置客戶(hù)端將不顯?超時(shí)時(shí)間。

訪(fǎng)問(wèn)測(cè)試
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/pc
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:43:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes

如果設(shè)置為0表?關(guān)閉會(huì)話(huà)保持功能,如下所示
curl -I pc.hechunping.tech/pc
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:45:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: close
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes

keepalive_requests 2; #在一次長(zhǎng)連接上所允許請(qǐng)求的資源的大次數(shù),這里設(shè)置為2,當(dāng)達(dá)到兩次就會(huì)關(guān)閉本次長(zhǎng)連接。

訪(fǎng)問(wèn)測(cè)試
# 使用telnet命令測(cè)試
[root@CentOS7-01 ~]#telnet pc.hechunping.tech 80
Trying 127.0.0.1...
Connected to pc.hechunping.tech.
Escape character is '^]'.
GET /pc/index.html HTTP/1.1
HOST: pc.hechunping.tech

# 響應(yīng)頭信息
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:48:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes

# 頁(yè)面內(nèi)容
pc web
GET /pc/index.html HTTP/1.1
HOST: pc.hechunping.tech

# 響應(yīng)頭信息
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:49:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: close
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
# 頁(yè)面內(nèi)容
pc web
Connection closed by foreign host. #請(qǐng)求資源的次數(shù)達(dá)到2次后,本次長(zhǎng)連接關(guān)閉

3.11 配置nginx為下載服務(wù)器

[root@CentOS7-01 download]#cat /apps/nginx/conf/vhosts/pc.conf 
# Virtual host exposing html/pc/download as a browsable download directory.
server {
  listen 80;
  server_name pc.hechunping.tech;
  # NOTE(review): with autoindex on, every file name placed in this directory is listed
  # to any client that can reach the server; keep only files meant for publication here.
  location /download { 
    autoindex on; # generate a directory listing when no index file is present
    autoindex_exact_size on; # show exact sizes in bytes instead of rounded units
    autoindex_localtime on; # show modification times in the server's local time zone
    limit_rate 20k; # cap the response transfer rate for each request
    root html/pc; # files are read from html/pc/download
  }
}
[root@CentOS7-01 download]#ls /apps/nginx/html/pc/download/ #該目錄下不能有index.html文件
README.md  ubuntu-18.04.3-server-amd64.iso
[root@CentOS7-01 download]#systemctl reload nginx

訪(fǎng)問(wèn)測(cè)試,如下圖

Nginx核心配置詳解
Nginx核心配置詳解

3.12 配置nginx為上傳服務(wù)器

client_max_body_size 1m; #設(shè)置允許客戶(hù)端上傳單個(gè)?件的最?值,默認(rèn)值為1m
client_body_buffer_size size; #?于接收每個(gè)客戶(hù)端請(qǐng)求報(bào)?的body部分的緩沖區(qū)??;默認(rèn)16k;超出此??時(shí),其將被暫存到由下?的client_body_temp_path指令所定義的磁盤(pán)上的位置
client_body_temp_path path [level1 [level2 [level3]]]; #設(shè)定存儲(chǔ)客戶(hù)端請(qǐng)求報(bào)?的body部分的臨時(shí)存儲(chǔ)路徑及??錄結(jié)構(gòu)和數(shù)量,?錄名為16進(jìn)制的數(shù)字,使?hash之后的值從后往前截取1位、2位、2位作為?件名

1級(jí)?錄占1位16進(jìn)制,即2^4=16個(gè)?錄 0-f
2級(jí)?錄占2位16進(jìn)制,即2^8=256個(gè)?錄 00-ff
3級(jí)?錄占2位16進(jìn)制,即2^8=256個(gè)?錄 00-ff

配置?例:
client_max_body_size 10m;
client_body_buffer_size 16k;
client_body_temp_path /data/nginx/temp 1 2 2; #reload Nginx會(huì)?動(dòng)創(chuàng)建temp?錄

3.13 其它配置

3.13.1 對(duì)哪種瀏覽器禁??連接

keepalive_disable none | browser ...;
例如:禁用ie6瀏覽器,在配置文件中添加如下參數(shù),可以在http,server,location塊配置
keepalive_disable msie6;

3.13.2 限制客戶(hù)端只能使用指定的請(qǐng)求方法,僅?于location塊

limit_except method ... { ... } ;

method:GET,HEAD,POST,PUT,DELETE,MKCOL,COPY,MOVE,OPTIONS,PROPFIND,PROPPATCH,LOCK,UNLOCK,PATCH
# limit_except GET:除GET(以及隨之允許的HEAD)以外的請求方法,僅允許192.168.7.0/24網段的客戶端使用,其余客戶端一律拒絕
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
# Virtual host limiting which clients may use methods other than GET/HEAD on /pc.
server {
  listen 80;
  server_name pc.hechunping.tech;
  location /pc {
    root html;
    # The rules inside apply to every method EXCEPT GET (allowing GET also allows HEAD);
    # GET and HEAD themselves stay open to all clients.
    limit_except GET {
      allow 192.168.7.0/24; # other methods are permitted only from this subnet
      deny all; # any other client using a non-GET/HEAD method is answered with 403
    }
  }
}
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#curl -XPUT /etc/issue pc.hechunping.tech/pc
curl: (3) <url> malformed
<html>
<head><title>403 Forbidden</title></head> #nginx拒絕上傳
<body>
<center><h2>403 Forbidden</h2></center>
<hr><center>nginx</center>
</body>
</html>

# 注釋掉限制指定方法的配置
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf 
server {
  listen 80;
  server_name pc.hechunping.tech;
  location /pc {
    root html;
    #limit_except GET {
    #  allow 192.168.7.0/24;
    #  deny all;
    #}
  }
}
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#curl -XPUT /etc/issue pc.hechunping.tech/pc
curl: (3) <url> malformed
<html>
<head><title>405 Not Allowed</title></head> #nginx已經(jīng)允許,但是程序未支持上傳功能
<body>
<center><h2>405 Not Allowed</h2></center>
<hr><center>nginx</center>
</body>
</html>

3.13.3 是否啟?asynchronous file I/O(AIO)功能,需要編譯開(kāi)啟

linux 2.6以上內(nèi)核提供以下?個(gè)系統(tǒng)調(diào)?來(lái)?持aio:
1、SYS_io_setup:建?aio的context
2、SYS_io_submit: 提交I/O操作請(qǐng)求
3、SYS_io_getevents:獲取已完成的I/O事件
4、SYS_io_cancel:取消I/O操作請(qǐng)求
5、SYS_io_destroy:毀銷(xiāo)aio的context

3.13.4 啟用直接I/O

directio size | off; #操作完全和aio相反,aio是讀取?件?directio是寫(xiě)?件到磁盤(pán),啟?直接I/O,默認(rèn)為關(guān)閉,當(dāng)?件?于等于給定??時(shí),例如directio 4m,同步(直接)寫(xiě)磁盤(pán),??寫(xiě)緩存。

3.13.5 是否緩存打開(kāi)過(guò)的文件信息

open_file_cache off; #是否緩存打開(kāi)過(guò)的?件信息
open_file_cache max=N [inactive=time];
nginx可以緩存以下三種信息:
1) ?件元數(shù)據(jù):?件的描述符、?件??和最近?次的修改時(shí)間
2) 打開(kāi)的?錄結(jié)構(gòu)
3) 沒(méi)有找到的或者沒(méi)有權(quán)限訪(fǎng)問(wèn)的?件的相關(guān)信息
max=N:可緩存的緩存項(xiàng)上限數(shù)量;達(dá)到上限后會(huì)使?LRU(Least recently used,最近最少使?)算法實(shí)現(xiàn)管理
inactive=time:緩存項(xiàng)的?活動(dòng)時(shí)?,在此處指定的時(shí)?內(nèi)未被命中的或命中的次數(shù)少于
open_file_cache_min_uses指令所指定的次數(shù)的緩存項(xiàng)即為?活動(dòng)項(xiàng),將被刪除

3.13.6 open_file_cache指令的inactive參數(shù)指定的時(shí)?內(nèi),?少被命中此處指定的次數(shù)?可被歸類(lèi)為活動(dòng)項(xiàng)

open_file_cache_min_uses number; #默認(rèn)值為1

3.13.7 是否緩存查找時(shí)發(fā)?錯(cuò)誤的?件?類(lèi)的信息

open_file_cache_errors on | off; #默認(rèn)值為off

3.13.8 緩存項(xiàng)有效性的檢查驗(yàn)證頻率

open_file_cache_valid time; #默認(rèn)值為60s
open_file_cache max=10000 inactive=60s; #最?緩存10000個(gè)?件,?活動(dòng)數(shù)據(jù)超時(shí)時(shí)?60s
open_file_cache_valid 60s;  #每間隔60s檢查?下緩存數(shù)據(jù)有效性
open_file_cache_min_uses 5; #60秒內(nèi)?少被命中訪(fǎng)問(wèn)5次才被標(biāo)記為活動(dòng)數(shù)據(jù)
open_file_cache_errors on;  #緩存錯(cuò)誤信息

3.13.9 隱藏Nginx server版本。

server_tokens off; #默認(rèn)為on

訪(fǎng)問(wèn)測(cè)試
默認(rèn)值時(shí)的結(jié)果
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech
HTTP/1.1 200 OK
Server: nginx/1.16.1
...

設(shè)置為off后的結(jié)果,添加在http塊的全局配置
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech
HTTP/1.1 200 OK
Server: nginx
...
