nginx安装以及常用配置

一、安装Nginx

1.下载nginx安装包

[root@nethost ~]# wget http://nginx.org/download/nginx-1.6.3.tar.gz

2.解压安装包并进入解压出来的文件夹

[root@nethost ~]# tar -vf nginx-1.6.3.tar.gz

[root@nethost ~]# cd nginx-1.6.3/

3.安装相关依赖包

[root@nethost ~]# yum -y install pcre-devel

[root@nethost ~]# yum -y install gcc gcc-c++

[root@nethost ~]# yum -y install openssl-devel

4.添加nginx用户及用户组

[root@nethost ~]# groupadd -r nginx

[root@nethost ~]# useradd -g nginx -r nginx

[root@nethost ~]# id nginx

uid=996(nginx) gid=993(nginx) groups=993(nginx)

5.编译并安装nginx

[root@nethost nginx-1.6.3]# ./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi

[root@nethost nginx-1.6.3]# make && make  install

6.创建相关目录

[root@nethost ~]# mkdir -pv /var/tmp/nginx/{client.proxy,fastcgi,uwsgi}

mkdir: created directory ‘/var/tmp/nginx’

mkdir: created directory ‘/var/tmp/nginx/client.proxy’

mkdir: created directory ‘/var/tmp/nginx/fastcgi’

mkdir: created directory ‘/var/tmp/nginx/uwsgi’

7.启动nginx并检验

[root@nethost ~]# /usr/local/nginx/sbin/nginx

[root@nethost ~]# ss -tnl

State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              

LISTEN      0      100    127.0.0.1:25                    *:*                  

LISTEN      0      128       *:9922                  *:*                  

LISTEN      0      128       *:111                   *:*                  

LISTEN      0      128       *:80                    *:*                  

LISTEN      0      100     ::1:25                   :::*                  

LISTEN      0      128      :::9922                 :::*                  

LISTEN      0      128      :::111                  :::*      

8.访问测试

二、常用配置指令

   1、server{ }

            定义一个虚拟主机

      （1）在nginx配置文件中添加以下内容：

[root@nethost ~]# cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

[root@nethost ~]# mkdir /vhost/web1 -pv

mkdir: created directory ‘/vhost’

mkdir: created directory ‘/vhost/web1’

[root@nethost ~]# echo web1 > /vhost/web1/index.html

[root@nethost ~]# vim /etc/nginx/nginx.conf

80      server {

81          listen 8080;

82          server_name www.a.com;

83          root "/vhost/web1";

84             }

        （2）重启服务并测试

2、listen  

         指定监听的地址和端口

        使用格式：

              listen address[:port];

              listen  port;

3、server_name NAME..;

        指定主机名，后可跟多个主机名，名称还可以使用正则表达式（~）或通配符

4、root path;

           设置资源路径映射： 用于指明请求的URL所对应的资源所在的文件系统上的起始路径

5、location；

6、alias path;

7、index file;

8、error_page

            根据http响应状态码来指明特定的错误页面；

（1）      自定义404状态码对应的页面

[root@nethost ~]# vim /etc/nginx/nginx.conf

84          error_page 404 /404.html;

[root@nethost ~]# echo "your page is lost" >> /vhost/web1/404.html

[root@nethost ~]# /usr/local/nginx/sbin/nginx -s reload

测试结果

（2）[=code]: 以指定的响应码进行响应

[root@nethost ~]# vim /etc/nginx/nginx.conf

84          error_page 404 =200 /404.html;

测试结果：

9、基于IP的访问控制

deny  IP地址

allow  IP地址

[root@nethost ~]# vim /etc/nginx/nginx.conf

85           deny 103.95.95.30;

10、基于用户的访问控制

两种认证方式：

        basic

       digest

在配置文件中添加如下指令：

• auth_basic      指定给用户的提示内容

• auth_basic_user_file           指定认证用户的账号密码文件所在位置

[root@nethost nginx]# vim /etc/nginx/nginx.conf

86           auth_basic "Only for VIP:";

87           auth_basic_user_file /etc/nginx/users/.htpasswd;

88             }

[root@nethost nginx]# cd /etc/nginx/

[root@nethost nginx]# mkdir users

[root@nethost nginx]# htpasswd -c -m /etc/nginx/users/.htpasswd tom

[root@nethost nginx]# htpasswd -c -m /etc/nginx/users/.htpasswd tom

New password:

Re-type new password:

Adding password for user tom

[root@nethost nginx]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@nethost nginx]# /usr/local/nginx/sbin/nginx -s reload

测试：

11、https服务

步骤：生成私钥-->生成证书签署请求，并获得证书

[root@nethost ~]# vim /etc/nginx/nginx.conf

106     server {

107         listen       443 ssl;

108         server_name  ca.mageedu.com;

109

110         ssl_certificate      /etc/nginx/ssl/nginx.crt;

111         ssl_certificate_key  /etc/nginx/ssl/nginx.key;

112

113         ssl_session_cache    shared:SSL:1m;

114          ssl_session_timeout  5m;

115

116         ssl_ciphers  HIGH:!aNULL:!MD5;

117         ssl_prefer_server_ciphers  on;

118

119         location / {

120             etoot   /vhost/web1;

121             index  index.html index.htm;

122         }

123     }

12、stub_status {on | off};

            仅能用于location上下文

[root@nethost ~]# vim /etc/nginx/nginx.conf

47         location /status {

48             stub_status on;

49             allow 211.146.16.132;

50             deny all;

51          }

[root@nethost ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@nethost ~]# /usr/local/nginx/sbin/nginx -s reload

测试结果：

13、rewrite

[root@nethost ~]# vim /etc/nginx/nginx.conf

34     server {

35         listen 80;

36         server_name  a.com;

37         rewrite ^/(.*) http://www.abc.com permanent;

38 }

39     server {

40         listen       80;

41         server_name  www.abc.com;

42

43         #charset koi8-r;

44

45         #access_log  logs/host.access.log  main;

46

47         location / {

48             root   html;

49             index  index.html index.htm;

50         }

[root@nethost ~]# /usr/local/nginx/sbin/nginx -s reload

修改客户端host文件，并测试

访问a.com

跳转至www.abc.com

14、if

15、防盗链

16、定制访问日志格式