nginx
修改配置后要重启,先检查修改后的配置有没有问题 ./nginx -t
手动安装
$ wget https://nginx.org/download/nginx-1.18.0.tar.gz
$ tar -zxvf nginx-1.15.2.tar.gz
$ cd nginx-1.15.2
$ ./configure --with-pcre --prefix=/usr/local/nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --without-http_charset_module --with-http_perl_module --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module
$ make && make install
$ cd /usr/local/nginx/ 安装位置
// 查看nginx.conf文件位置
$ nginx -t
// 查看nginx进程
$ ps -ef | grep nginx
// 强制杀掉进程
$ kill -s 9 <nginx-pid>
命令选项
λ ./nginx.exe -h
nginx version: nginx/1.15.1
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]
选项:
- ?, - h:这个帮助
-v:显示版本并退出
-V:显示版本并配置选项然后退出
-t:测试配置并退出
-T:测试配置,转储并退出
-q:在配置测试期间抑制非错误消息
-s signal:向主进程发送信号:停止[stop],退出[quit],重新打开[reopen],重新加载[reload]
-p prefix:设置前缀路径(默认值:NONE)
-c filename:设置配置文件(默认值:conf / nginx.conf)
-g 指令:从配置文件中设置全局指令
日志 /logs
- 所有的请求信息会被打印到 access.log里面
- 错误日志打印到error.log
- nginx.pid 是当前的进程
nginx.conf
#user nobody; # Nginx 运行的用户和用户组
worker_processes 1; # 启动进程,通常和cpu一样
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024; # 单个后台,工作进程最大并发链接数
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on; # 是否调用 sendfile 来输出文件,普通应用必须设置on,如果是磁盘io重负应用可设置成off
#tcp_nopush on; # 防止网络阻塞
#keepalive_timeout 0;
keepalive_timeout 65; # 客户端到服务器的超时时间
#gzip on; #开启gzip压缩
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html; # the path of static file
index index.html index.htm; # read file by default
}
#error_page 404 /404.html;
error_page 404 /404.html;
location = /404.html {
root html;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
反向代理&负载均衡
weight 值越大 分配的几率越高
upstream proxy_hosts {
server 96.45.179.62:80 weight=5;
server localhost:8081 weight=1;
}
server {
location / {
# 访问localhost时, 会被转到http://96.45.179.62:80;
proxy_pass http://proxy_hosts;
# proxy_pass http://96.45.179.62:80;
# rewrite ^(.*)\.htmp$ /index.html;
}
}
比如node开了一个服务器端口,需要使用二级域名来访问
server {
listen 80;
server_name blog.ajanuw.xyz;
location / {
proxy_pass http://127.0.0.1:5000;
}
}
上面的例子把blog.ajanuw.xyz转发到了http://127.0.0.1:5000
https转发示例
当访问 ajanuw.xyz时,会被跳转到https://ajanuw.xyz,然后返回服务器的3000端口程序
server {
listen 80;
listen [::]:80;
server_name ajanuw.xyz;
return 301 https://ajanuw.xyz;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/ajanuw.xyz/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/ajanuw.xyz/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_dhparam /etc/letsencrypt/live/ajanuw.xyz/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/ajanuw.xyz/fullchain.pem;
resolver 96.45.181.208;
location / {
proxy_pass http://127.0.0.1:3000;
}
路由中的正则表达式
location /(*)\.html {
root html;
index $1.html;
}
# ?: 只进行分组,不进行变量捕获
location ~ /admin/public/.+\.(?:jpg|png)$ {
root html;
}
可以用$N取出group的值,假如访问localhost/a.html那么就会加载html/a.html文件。
正则表达式应以~开头,第二个路由假如访问/admin/public/i.png到本地的html/admin/public/i.png文件,没找到返回404
~区分大小写,~* 不区分大小写
正则表达式中的命名捕获会创建变量
server {
server_name ~^(www\.)?(?<domain>.+)$;
location / {
root /sites/$domain;
}
}
静态文件
nginx将根据请求,从不同的本地目录提供文件
匹配的请求,会将URI添加到root指令中指定的路径"{root}/{URL}"
location / {
root html;
index index.html; # 在"html"目录下找"index.html"文件
}
location /xx/yy/zz/ {
root html;
index index.html; # 在"html/xx/yy/zz/"目录下找"index.html"文件
}
alias虚拟路径
location /admin/ {
alias html/xxx/;
index index.html;
}
location / {
root html;
index index.html;
}
访问"localhost/admin/"将返回"html/xxx/index.html"
你可能想返回纯文本
location / {
charset utf-8;
default_type text/html;
set $my_name ajanuw;
set $my_password 123456;
if ($args) {
set $test a;
}
if ($arg_name = $my_name) {
set $test "${test}b";
}
if ($arg_password = $my_password) {
set $test "${test}c";
}
add_header X-test "$test"; # test
if ($test = abc) {
# test
add_header X-arg_name $arg_name;
add_header X-arg_password $arg_password;
add_header X-args $args;
return 200 "<h1>Welcome Login $arg_name</h1>";
}
return 200 "<h1>hello world</h1>";
}
include
可以将不同配置文件分开存放,然后在"nginx.conf"中导入
conf/servers.con
server {
listen 80;
server_name 127.0.0.1;
location /api/url {
charset utf-8;
default_type text/html;
if ($arg_url) {
set $zf 1;
}
if ($arg_url ~* ^https?) {
set $zf "${zf}2";
}
if ($zf = 12) {
return 303 $arg_url;
}
if ($zf = 1) {
return 303 http://$arg_url;
}
return 400 "需要url参数";
}
}
conf/nginx.conf
http {
...
include servers.conf;
}
下载速率限制
location /img/ {
root html;
# 每秒10kb
limit_rate 10k;
add_header Content-disposition "attachment";
}
See also:
