一、安装Nginx
1.下载nginx安装包
[root@nethost ~]# wget http://nginx.org/download/nginx-1.6.3.tar.gz
2.解压安装包并进入解压出来的文件夹
[root@nethost ~]# tar -vf nginx-1.6.3.tar.gz
[root@nethost ~]# cd nginx-1.6.3/
3.安装相关依赖包
[root@nethost ~]# yum -y install pcre-devel
[root@nethost ~]# yum -y install gcc gcc-c++
[root@nethost ~]# yum -y install openssl-devel
4.添加nginx用户及用户组
[root@nethost ~]# groupadd -r nginx
[root@nethost ~]# useradd -g nginx -r nginx
[root@nethost ~]# id nginx
uid=996(nginx) gid=993(nginx) groups=993(nginx)
5.编译并安装nginx
[root@nethost nginx-1.6.3]# ./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi
[root@nethost nginx-1.6.3]# make && make install
6.创建相关目录
[root@nethost ~]# mkdir -pv /var/tmp/nginx/{client.proxy,fastcgi,uwsgi}
mkdir: created directory ‘/var/tmp/nginx’
mkdir: created directory ‘/var/tmp/nginx/client.proxy’
mkdir: created directory ‘/var/tmp/nginx/fastcgi’
mkdir: created directory ‘/var/tmp/nginx/uwsgi’
7.启动nginx并检验
[root@nethost ~]# /usr/local/nginx/sbin/nginx
[root@nethost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:9922 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::9922 :::*
LISTEN 0 128 :::111 :::*
8.访问测试
二、常用配置指令
1、server{ }
定义一个虚拟主机
(1)在nginx配置文件中添加以下内容:
[root@nethost ~]# cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
[root@nethost ~]# mkdir /vhost/web1 -pv
mkdir: created directory ‘/vhost’
mkdir: created directory ‘/vhost/web1’
[root@nethost ~]# echo web1 > /vhost/web1/index.html
[root@nethost ~]# vim /etc/nginx/nginx.conf
80 server {
81 listen 8080;
82 server_name www.a.com;
83 root "/vhost/web1";
84 }
(2)重启服务并测试
2、listen
指定监听的地址和端口
使用格式:
listen address[:port];
listen port;
3、server_name NAME..;
指定主机名,后可跟多个主机名,名称还可以使用正则表达式(~)或通配符
4、root path;
设置资源路径映射: 用于指明请求的URL所对应的资源所在的文件系统上的起始路径
5、location;
6、alias path;
7、index file;
8、error_page
根据http响应状态码来指明特定的错误页面;
(1) 自定义404状态码对应的页面
[root@nethost ~]# vim /etc/nginx/nginx.conf
84 error_page 404 /404.html;
[root@nethost ~]# echo "your page is lost" >> /vhost/web1/404.html
[root@nethost ~]# /usr/local/nginx/sbin/nginx -s reload
测试结果
(2)[=code]: 以指定的响应码进行响应
[root@nethost ~]# vim /etc/nginx/nginx.conf
84 error_page 404 =200 /404.html;
测试结果:
9、基于IP的访问控制
deny IP地址
allow IP地址
[root@nethost ~]# vim /etc/nginx/nginx.conf
85 deny 103.95.95.30;
10、基于用户的访问控制
两种认证方式:
basic
digest
在配置文件中添加如下指令:
-
auth_basic 指定给用户的提示内容
-
auth_basic_user_file 指定认证用户的账号密码文件所在位置
[root@nethost nginx]# vim /etc/nginx/nginx.conf
86 auth_basic "Only for VIP:";
87 auth_basic_user_file /etc/nginx/users/.htpasswd;
88 }
[root@nethost nginx]# cd /etc/nginx/
[root@nethost nginx]# mkdir users
[root@nethost nginx]# htpasswd -c -m /etc/nginx/users/.htpasswd tom
[root@nethost nginx]# htpasswd -c -m /etc/nginx/users/.htpasswd tom
New password:
Re-type new password:
Adding password for user tom
[root@nethost nginx]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nethost nginx]# /usr/local/nginx/sbin/nginx -s reload
测试:
11、https服务
步骤:生成私钥-->生成证书签署请求,并获得证书
[root@nethost ~]# vim /etc/nginx/nginx.conf
106 server {
107 listen 443 ssl;
108 server_name ca.mageedu.com;
109
110 ssl_certificate /etc/nginx/ssl/nginx.crt;
111 ssl_certificate_key /etc/nginx/ssl/nginx.key;
112
113 ssl_session_cache shared:SSL:1m;
114 ssl_session_timeout 5m;
115
116 ssl_ciphers HIGH:!aNULL:!MD5;
117 ssl_prefer_server_ciphers on;
118
119 location / {
120 etoot /vhost/web1;
121 index index.html index.htm;
122 }
123 }
12、stub_status {on | off};
仅能用于location上下文
[root@nethost ~]# vim /etc/nginx/nginx.conf
47 location /status {
48 stub_status on;
49 allow 211.146.16.132;
50 deny all;
51 }
[root@nethost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nethost ~]# /usr/local/nginx/sbin/nginx -s reload
测试结果:
13、rewrite
[root@nethost ~]# vim /etc/nginx/nginx.conf
34 server {
35 listen 80;
36 server_name a.com;
37 rewrite ^/(.*) http://www.abc.com permanent;
38 }
39 server {
40 listen 80;
41 server_name www.abc.com;
42
43 #charset koi8-r;
44
45 #access_log logs/host.access.log main;
46
47 location / {
48 root html;
49 index index.html index.htm;
50 }
[root@nethost ~]# /usr/local/nginx/sbin/nginx -s reload
修改客户端host文件,并测试
访问a.com
跳转至www.abc.com
14、if
15、防盗链
16、定制访问日志格式