1.Nginx编译安装
nginx依赖于pcre库,需要先安装pcre(二进制包,跟正则表达式有关),pcre-devel(头文件)
configure --prefix=/usr/local/nginx make && make install
Nginx:
主进程(master)功能:
1.读取并验证配置信息;
2.创建、绑定及关闭套接字;
3.启动、终止及维护worker进程;
4.无须终止服务而重新配置工作特性;
5.控制程序非中断升级;
6.重新打开日志文件,实现日志滚动;
7.编译嵌入式perl脚本;
工作进程(worker)功能:
1.接收、传入并处理来自客户端的连接;
2.提供反向代理及过滤功能;
3.nginx任何能完成的其他功能;
cache loader进程主要完成的任务包括:
1.检查缓存存储中的缓存对象;
2.使用缓存元数据建立内存数据库;
cache manager进程的主要任务:
1.缓存的失效及过期检验
事件驱动模型:
最著名的三个:epoll,kqueue,/dev/poll
sendfile
nginx的某些模块包依赖pcre-devel(perl的正则表达式)
worker数目如果是CPU密集型,worker应该与CPU数相同,若是计算密集型,那么是CPU数的1.5或者2倍
location URI {}:对当前路径及子路径下的所有对象都生效;
location = URI {}:精确匹配指定的路径,不包括子路径,因此,只对当前资源生效;
location ~URI {}:
location ~*URI {}:模式匹配,使用正则表达式,*表示不区分大小写;
location ^~URI{}:不使用正则表达式,不做原字符匹配
= 优先级最高
非正则表达式的次之
正则表达式
不加任何符号的
基于IP的用户访问限制
基于用户的用户访问限制
htpasswd -c -m /etc/nginx/.users tom
auth_basic "Restricted Area..."
auth_basic_user_file /etc/nginx/.users;
这样访问的时候,网页需要输入用户名和密码才能访问
2.Nginx配置管理
#user nobody; worker_processes 1; //工作子进程数,一般设置成CPU数*核数 #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ .php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
基于域名和端口的虚拟主机管理
例子1: 基于域名的虚拟主机 server { listen 80; #监听端口 server_name a.com; #监听域名 location / { root /var/www/a.com; #根目录定位 index index.html; } } 例子2: 基于端口的虚拟主机配置 server { listen 8080; server_name 192.168.1.204; location / { root /var/www/html8080; index index.html; } }
3.日志管理
针对不同的server,nginx可以使用不同的日志管理策略
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access_8080.log mylog; 声明log log位置 log格式;
将日志每天进行重命名然后重新生成,避免日志太大解析不方便
#!/bin/bash base_path='/usr/local/nginx/logs' log_path=$(date -d yesterday +"%Y%m") day=$(date -d yesterday +"%d") mkdir -p $base_path/$log_path mv $base_path/access.log $base_path/$log_path/access_$day.log #echo $base_path/$log_path/access_$day.log kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
4.location定位语法
location / { root html; index index.htm index.html; } location = /index.htm { root /usr/local/nginx/html/bbs/; index index.html; }
访问http://10.160.65.44/,得到结果:This is /usr/local/nginx/html/bbs/index.html
访问http://10.160.65.44/index.htm,得到结果:This is /usr/local/nginx/html/bbs/index.html
location / { root html; index b.htm; } location = /b.htm { root /usr/local/nginx/html/bbs/; index b.html; }
location的命中原则:
1.精准命中,命中则返回结果
2.判断普通命中,如果有多个命中,记录最长的命中结果,普通命中顺序无所谓,按照长短来匹配。
3.继续判断正则表达式的解析结果,按配置里的正则表达式顺序为准,由上到下开始匹配,一旦匹配成功,立即返回结果并结束。正则匹配有所谓,
因为按照顺序来匹配。
5.rewrite的写法
在location中添加rewrite的语法,下面来自10.140.65.135的访问都会被forbidden。
location / { if ( $remote_addr = 10.140.65.135 ){ return 403; } root html; index index.htm index.html; }
在location中rewrite到其他页面
location / { if ($http_user_agent ~ MSIE) { rewrite ^.*$ /ie.html; break; } root html; index index.htm index.html; }
6.nginx和php结合
先编译php:
./configure --prefix=/usr/local/fastphp --with-mysqli=mysqlnd --enable-mysqlnd --with-gd
--enable-gd-native-ttf --enable-gd-jis-conv