nginx 笔记

本文档是对【GeekHour】30分钟Nginx入门教程 的课程实验,笔记不是完全按照课程所讲。

课件可以可以关注 公众号 后获取

Nginx课程笔记的下载地址:https://pan.baidu.com/s/1UCvjs5_YFRxqeJ-3oYV4vg?pwd=ngin 提取码: ngin

nginx的文档参考

https://blog.redis.com.cn/doc/

环境准备

我使用的是Orbstack 下的centos 虚拟机,其他机器类似

1
2
yum instal -y nginx

服务启停

默认启动 nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@centos ~]# ps -ef|grep -v grep |grep nginx
root         452       1  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        453     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        454     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        455     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        456     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        457     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        458     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        459     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        460     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        461     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx
nginx        462     452  0 22:15 ?        00:00:00 [rosetta] /usr/sbin/nginx nginx


验证安装

1
2
3
4
curl 127.0.0.1

ip a 查看地址
浏览器访问 198.19.249.173 # 虚拟机地址

运行中发送信号控制行为

1
2
3
4
5
6

nginx -s quit|stop| reload |reopen 
quit 退出
stop 暂停
reload 重载配置文件
reopen 重新打开日志文件

部署静态站点

nginx -V 查看nginx的安装配置

1
2
3
4
5
6
7
8


[root@centos ~]# nginx -V
nginx version: nginx/1.14.1
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-3) (GCC) 
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

默认配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
[root@centos ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

server 下root 指代的是 --prefix的目录

1
2
3
4
5
6
7
[root@centos ~]# cd /usr/share/nginx
[root@centos nginx]# ll
total 0
drwxr-xr-x 1 root root 106 Jul  5 13:04 html
drwxr-xr-x 1 root root 194 Jul  5 13:04 modules
[root@centos nginx]# pwd
/usr/share/nginx

下好的网页一般配置在$prefix/html 目录 这里我不做修改

备份原html

1
2
3
cd /usr/share/nginx/html

mv index.html  index_bk.html

新建一个简单的html

1
2
3
4
5
6
7
8
9
10
11
12
13
14
cat << EOF > index.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

<h1> This is just a test</h1>

</body>
</html>
EOF
1
2
curl 127.0.0.1 # 查看返回内容和写入html 文件是否相同
或者使用浏览器访问机器IP 查看即可

nginx 配置块解读

1
2
3
4
5
6
7
8

全局块
events {
events 块
}
http {
http 块
}

官网配置解读

配置反向代理

服务器简单准备

1
mkdir /tmp/{8001,8002,8003}
1
2
3
cat << EOF > /tmp/8001/index.html
This is msg from  8001
EOF
1
2
3
cat << EOF > /tmp/8002/index.html
This is msg from  8002
EOF
1
2
3
cat << EOF >/tmp/8003/index.html
This is msg from  8003
EOF
1
2
3
4
5
6
7
nohup python3 -m http.server -d /tmp/8001/  8001 >/dev/null 2>&1 &
nohup python3 -m http.server -d /tmp/8002/  8002 >/dev/null 2>&1 &
nohup python3 -m http.server -d /tmp/8003/  8003 >/dev/null 2>&1 &


python -m http.server 8080 --bind 127.0.0.1 --cgi-mappings "/app=/tmp/8003/index.html"

1
2
3
4
5
6
7
[root@centos 8001]# curl 127.0.0.1:8001
This is msg from  8001
[root@centos 8001]# curl 127.0.0.1:8002
This is msg from  8002
[root@centos 8001]# curl 127.0.0.1:8003
This is msg from  8003
[root@centos 8001]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {

    upstream backend {
        server 198.19.249.173:8001 weight=1;
        server 198.19.249.173:8002 weight=2;
        server 198.19.249.173:8003 weight=3;
    }

    server {
        listen       80 default_server;
        server_name  localhost;

    location / {
        proxy_pass http://backend;
    }
    }
}

这样配置成功转发本地的请求

配置https

使用自签名证书

1
2
3
4
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out cert.csr
openssl x509 -req -in cert.csr -out cacert.pem -signkey private.key

server 块配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    server {
        listen       443 ssl;
        server_name  localhost;
    
    		# 公钥文件
        ssl_certificate         /home/king/cacert.pem;
        # 私钥文件
        ssl_certificate_key     /home/king/private.key;

    location / {
       }
   }
}
#nginx
nginx 笔记
https://kingjem.github.io/2022/08/17/nginx/
作者
Ruhai
发布于
2022年8月17日
许可协议