博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

Nginx虚拟主机,Nginx日志,Nginx访问控制模块,Nginx状态监控模块,访问连接控制模块

Posted on 2022-01-04 20:07  ~sang  阅读(76)  评论(0编辑  收藏  举报

一、Nginx虚拟主机

1、基于多IP的方式

[root@web01 conf.d]# cat /etc/nginx/conf.d/game1.conf
server {
    listen 80;
    server_name 172.16.1.7;
    location / {
    root /opt/Super_Marie;
    index index.html;
    }
}

server {
    listen 80;
    server_name 192.168.15.7;
    location / {
    root /opt/Chinese_chess;
    index index.html;
    }
}
[root@web01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 conf.d]# systemctl restart nginx

2、基于多端口的方式

[root@web01 conf.d]# cat /etc/nginx/conf.d/game2.conf
server {
    listen 80;
    server_name 172.16.1.7;
    location / {
    root /opt/Super_Marie;
    index index.html;
    }
}

server {
    listen 81;
    server_name 172.16.1.7;
    location / {
    root /opt/Chinese_chess;
    index index.html;
    }
}
[root@web01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 conf.d]# systemctl restart nginx

3、基于多域名的方式

[root@web01 conf.d]# cat /etc/nginx/conf.d/game3.conf
server {
    listen 80;
    server_name www.super_game.com;
    location / {
    root /opt/Super_Marie;
    index index.html;
    }
}

server {
    listen 80;
    server_name www.chess_game.com;
    location / {
    root /opt/Chinese_chess;
    index index.html;
    }
}
[root@web01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 conf.d]# systemctl restart nginx

二、Nginx日志

$remote_addr    # 记录客户端IP地址
$remote_user    # 记录客户端用户名
$time_local    # 记录通用的本地时间
$time_iso8601    # 记录ISO8601标准格式下的本地时间
$request    # 记录请求的方法以及请求的http协议
$status    # 记录请求状态码(用于定位错误信息)
$body_bytes_sent    # 发送给客户端的资源字节数,不包括响应头的大小
$bytes_sent    # 发送给客户端的总字节数
$msec    # 日志写入时间,单位为秒,精度是毫秒
$http_referer    # 记录从哪个页面链接访问过来的
$http_user_agent    # 记录客户端浏览器相关信息
$http_x_forwarded_for    # 真实的客户端IP(在反向代理中生效)
$X-Real-IP    # 记录起始的客户端IP地址和上一层的客户端IP地址
$request_length    # 请求的长度
$request_time    # 请求花费的时间,单位为秒,精度毫秒

三、Nginx访问控制模块

1、ngx_http_access_module

  允许或者拒绝某些IP访问

  deny:拒绝

  allow:允许

  案例1:允许192.168.15.1访问,不允许其它IP访问

     allow 192.168.15.7;

       deny all;

[root@web01 ~]# curl -H'Host: www.super_game.com' -I 172.16.1.7
HTTP/1.1 403 Forbidden
Server: nginx/1.20.2
Date: Tue, 04 Jan 2022 11:14:54 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

  案例2:允许192.168.15.0/这个网段访问,不允许其它网段访问

[root@web01 ~]# cat /etc/nginx/conf.d/game3.conf
server {
    listen 80;
    server_name www.super_game.com;
    allow 192.168.15.0/24;
    deny all;
    location / {
    root /opt/Super_Marie;
    index index.html;
    }
}
[root@web01 ~]# curl -H'Host: www.super_game.com' -I 172.16.1.7
HTTP/1.1 403 Forbidden
Server: nginx/1.20.2
Date: Tue, 04 Jan 2022 11:06:44 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

  案例3:只允许通过VPN来访问

    allow 172.16.1.81;

    deny all;

2、ngx_http_auth_basic_module

  访问之前需要登录

  1.安装httpd-tools

    [root@web01 ~]# yum install httpd-tools -y

  2.生成用户密码文件

    [root@web01 ~]# htpasswd -c /etc/nginx/auth lidabiao

[root@web01 ~]# htpasswd -c /etc/nginx/auth lidabiao
New password: 
Re-type new password: 
Adding password for user lidabiao
[root@web01 ~]# cat /etc/nginx/auth
lidabiao:$apr1$JYANwdJ2$5RMsrWy1ma1aLBCibyt6N.

  3.将文件路径加入Nginx配置

    auth_basic "Welcome To Login";

    auth_basic_user_file /etc/nginx/auth;

  4.重启Nginx

[root@web01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 ~]# systemctl restart nginx

 

 3、ngx_http_autoindex_module

  展示目录索引

[root@web01 ~]# cat /etc/nginx/conf.d/game4.conf
server {
    listen 80;
    server_name 172.16.1.7;
    location / {
    root /tmp/nginx-1.20.2;
    autoindex on;    # 展示目录索引,默认关闭(http、server、location都可用)
    autoindex_exact_size on;    # 格式化文件大小,默认打开
    autoindex_localtime on;    # 显示当前时间,默认UTC时间
    autoindex_format html;    # 默认html格式(html、xml、json、jsonp)
    }
}

 

 

 四、Nginx状态监控模块

ngx_http_stub_status_module

  监控Nginx运行状态

[root@web01 ~]# cat /etc/nginx/conf.d/game4.conf
server {
    listen 80;
    server_name 172.16.1.7;
    location / {
    stub_status;
    }
}

 

 

 五、访问连接控制模块

1、ngx_http_limit_conn_module(控制Nginx连接数量)

[root@web01 conf.d]# cat /etc/nginx/conf.d/game4.conf
limit_conn_zone $remote_addr zone=addr:10m;    # $remote_addr:客户端IP地址
server {
    listen 80;
    server_name 172.16.1.7;
    limit_conn addr 1;    # 限制连接数
    location / {
    root /opt/Super_Marie;
    index index.html;
    }
}
[root@web01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 conf.d]# systemctl restart nginx

2、ngx_http_limit_req_module(控制Ngi访问量)

  连接池

    limit_req_zone $remote_addr zone=one:10m rate=1r/s;

    声明连接池        变量               名称   连接池大小     速率

[root@web01 conf.d]# cat /etc/nginx/conf.d/game4.conf
# limit_conn_zone $remote_addr zone=addr:10m;

limit_req_zone $remote_addr zone=one:10m rate=1r/s;
server {
    listen 80;
    server_name 172.16.1.7;
#   limit_conn addr 1;

    limit_req zone=one burst=5;
    location / {
    root /opt/Super_Marie;
    index index.html;
    }
}
[root@web01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 conf.d]# systemctl restart nginx

3、安装ab压力测试命令

  [root@web01 conf.d]# yum install httpd-tools -y

  ab参数

    -n:总共需要访问多少次

    -c:每次访问多少个

[root@web01 conf.d]# ab -n 100000 -c 200 http://172.16.1.7/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 172.16.1.7 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests


Server Software:        nginx/1.20.2
Server Hostname:        172.16.1.7
Server Port:            80

Document Path:          /
Document Length:        1703 bytes

Concurrency Level:      200
Time taken for tests:   11.002 seconds
Complete requests:      100000
Failed requests:        99988
   (Connect: 0, Receive: 0, Length: 99988, Exceptions: 0)
Write errors:           0
Non-2xx responses:      99988
Total transferred:      36918816 bytes
HTML transferred:       19718072 bytes
Requests per second:    9089.15 [#/sec] (mean)
Time per request:       22.004 [ms] (mean)
Time per request:       0.110 [ms] (mean, across all concurrent requests)
Transfer rate:          3276.96 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    3   4.4      2      65
Processing:     1   10  45.8      7    5014
Waiting:        0    9  45.7      7    5013
Total:          3   13  46.0      9    5014

Percentage of the requests served within a certain time (ms)
  50%      9
  66%     12
  75%     14
  80%     16
  90%     22
  95%     29
  98%     37
  99%     46
 100%   5014 (longest request)