在CentOS7(mini)上安装:
[root@~ localhost]#lftp 172.16.0.1 lftp 172.16.0.1:/pub/Sources/7.x86_64/nginx> pwd ftp://172.16.0.1/pub/Sources/7.x86_64/nginx #偶数版本号为稳定版 lftp 172.16.0.1:/pub/Sources/7.x86_64/nginx> get nginx-1.10.2-1.el7.ngx.x86_64.rpm nginx-module-geoip-1.10.2-1.el7.ngx.x86_64.rpm 670448 bytes transferred Total 2 files transferred [root@~ localhost]#ls anaconda-ks.cfg nginx-1.10.2-1.el7.ngx.x86_64.rpm nginx-module-geoip-1.10.2-1.el7.ngx.x86_64.rpm [root@~ localhost]#yum install ./nginx-1.10.2-1.el7.ngx.x86_64.rpm #80端口没启动,即可启动Nginx [root@~ localhost]#ss -ntl [root@~ localhost]#systemctl start nginx.service
[root@etc localhost]#cd /etc/nginx/ [root@nginx localhost]#vim nginx.conf [root@nginx localhost]#cd conf.d/ [root@conf.d localhost]#ls default.conf [root@conf.d localhost]#vim test.conf server { listen 8080; server_name www.magedu.com; location / { index index.html index.htm; root /data/www; } } [root@conf.d localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful #重载 [root@conf.d localhost]#nginx -s reload [root@conf.d localhost]#mkdir -pv /data/www mkdir: created directory ‘/data’ mkdir: created directory ‘/data/www’ [root@conf.d localhost]#vim /data/www/index.html <h1>test page</h1> [root@conf.d localhost]#ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:8080 *:*
动态装载动态模块:
load_module files;
#动态装载Geoip模块 [root@~ localhost]#yum -y install ./nginx-module-geoip-1.10.2-1.el7.ngx.x86_64.rpm #查看安装完成生成的文件 [root@~ localhost]#rpm -ql nginx-module-geoip /usr/lib64/nginx/modules/ngx_http_geoip_module-debug.so /usr/lib64/nginx/modules/ngx_http_geoip_module.so #此文件是需要加载的模块 /usr/share/doc/nginx-module-geoip /usr/share/doc/nginx-module-geoip/COPYRIGHT #编辑主配置文件,将需要加载的文件放到全局配置中(main配置) [root@~ localhost]#vim /etc/nginx/nginx.conf error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; load_module /usr/lib64/nginx/modules/ngx_http_geoip_module.so; #装载模块 #配置文件语法检查 [root@~ localhost]#nginx -t #重载 [root@~ localhost]#nginx -s reload
性能优化的相关配置:
#进程数量和进程绑定CPU [root@~ localhost]#vim /etc/nginx/nginx.conf user nginx; worker_processes 4; #按CPU的颗数-lscpu #将worker进程绑定在指定的CPU上 worker_cpu_affinity 0001 0010 0100 1000; [root@~ localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful #将进程没有绑定在CPU和绑定进行压测 #没有绑定CPU [root@nginx localhost]#vim nginx.conf worker_processes 4; #worker_cpu_affinity 0001 0010 0100 1000; [root@nginx localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@nginx localhost]#nginx -s reload #检测 #-n:每0.5秒检测一次 #psr:运行进程的CPU [root@nginx localhost]#watch -n 0.5 'ps axo pid,comm,psr|grep "nginx"' Every 0.5s: ps axo pid,comm,psr|grep "nginx" Mon Jun 5 13:59:29 2017 20628 nginx 0 20766 nginx 3 20767 nginx 1 20768 nginx 0 20769 nginx 0 #另一台服务器测试: [root@~ localhost]#yum -y install httpd-tools #-n:发起的请求数 #-c:并发数 [root@~ localhost]#ab -n 100000 -c 20 http://172.16.250.89/index.html Benchmarking 172.16.250.89 (be patient) Completed 10000 requests Completed 20000 requests Completed 30000 requests Completed 40000 requests Completed 50000 requests Completed 60000 requests Completed 70000 requests Completed 80000 requests Completed 90000 requests Completed 100000 requests Finished 100000 requests Document Path: /index.html Document Length: 612 bytes Concurrency Level: 20 Time taken for tests: 189.948 seconds Complete requests: 100000 Failed requests: 0 Write errors: 0 Total transferred: 84500000 bytes HTML transferred: 61200000 bytes Requests per second: 526.46 [#/sec] (mean) Time per request: 37.990 [ms] (mean) Time per request: 1.899 [ms] (mean, across all concurrent requests) Transfer rate: 434.43 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 1 16 6.9 16 423 Processing: 2 21 9.4 20 552 Waiting: 0 15 8.9 15 407 Total: 6 37 13.7 36 652 Percentage of the requests served within a certain time (ms) 50% 36 66% 37 75% 39 80% 40 90% 43 95% 46 98% 53 99% 77 100% 652 (longest request) #进程绑定CPU: [root@nginx localhost]#vim nginx.conf user nginx; worker_processes 4; worker_cpu_affinity 0001 0010 0100 1000; [root@nginx localhost]#watch -n 0.5 'ps axo pid,comm,psr|grep "nginx"' [root@nginx localhost]#vim nginx.conf [root@nginx localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@nginx localhost]#nginx -s reload [root@nginx localhost]#watch -n 0.5 'ps axo pid,comm,psr|grep "nginx"' Every 0.5s: ps axo pid,comm,psr|grep "nginx" Mon Jun 5 14:03:10 2017 20628 nginx 0 23847 nginx 0 23848 nginx 1 23849 nginx 2 23850 nginx 3 #压测: [root@~ localhost]#ab -n 100000 -c 20 http://172.16.250.89/index.html Benchmarking 172.16.250.89 (be patient) Completed 10000 requests Completed 20000 requests Completed 30000 requests Completed 40000 requests Completed 50000 requests Completed 60000 requests Completed 70000 requests Completed 80000 requests Completed 90000 requests Completed 100000 requests Finished 100000 requests Document Path: /index.html Document Length: 612 bytes Concurrency Level: 20 Time taken for tests: 186.953 seconds Complete requests: 100000 Failed requests: 0 Write errors: 0 Total transferred: 84500000 bytes HTML transferred: 61200000 bytes Requests per second: 534.89 [#/sec] (mean) Time per request: 37.391 [ms] (mean) Time per request: 1.870 [ms] (mean, across all concurrent requests) Transfer rate: 441.39 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 1 17 4.9 16 194 Processing: 3 20 6.6 19 308 Waiting: 0 14 5.7 14 204 Total: 12 37 9.9 35 457 Percentage of the requests served within a certain time (ms) 50% 35 66% 37 75% 38 80% 39 90% 43 95% 48 98% 55 99% 66 100% 457 (longest request)
配置文件中映射目录测试:
[root@images localhost]#vim /etc/nginx/conf.d/test.conf server { listen 8080; server_name www.magedu.com; location / { index index.html index.htm; root /data/www; } location /images/ { #此处的路径实际上是/data/pictures/images; root /data/pictures/; } } [root@images localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@images localhost]#nginx -s reload [root@images localhost]#mkdir /data/pictures [root@images localhost]#cd /data/pictures [root@pictures localhost]#ls [root@pictures localhost]#mkdir images [root@pictures localhost]#ls images [root@pictures localhost]#cd images/ [root@images localhost]#ls tulips.jpg [root@images localhost]#pwd /data/pictures/images [root@images localhost]#ls tulips.jpg
#将root换成alias时 [root@pictures localhost]#vim /etc/nginx/conf.d/test.conf [root@images localhost]#cd /data/pictures/ [root@pictures localhost]#ls images lighthouse.jpg [root@pictures localhost]#vim /etc/nginx/conf.d/test.conf server { listen 8080; server_name www.magedu.com; location / { index index.html index.htm; root /data/www; } location /images/ { alias /data/pictures/; #别名,实际上相当于/images/与/data/pictures同级 } } [root@pictures localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@pictures localhost]#nginx -s reload
没有location的测试:
[root@conf.d localhost]#pwd /etc/nginx/conf.d [root@conf.d localhost]#vi test2.conf server { listen 8088; #开启8088端口 root /data/www2; server_name www2.magedu.com; } [root@conf.d localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@conf.d localhost]#nginx -s reload [root@conf.d localhost]#mkdir /data/www2 [root@conf.d localhost]#vim /data/www2/index.html <h1>www2</h1>
错误页面的重定向:
[root@conf.d localhost]#cat test2.conf server { listen 8088; server_name www2.magedu.com; #错误页面定位到如下路径;即在/data/www2/下得有这个图片文件 error_page 404 http://172.16.250.89:8088/error.jpg; location / { root /data/www2; } } [root@www localhost]#cd /data/www2/ [root@www2 localhost]#ls error.jpg images index.html
输入http://172.16.250.89:8088/index2.html:
用Telnet测试keepalive:
[root@conf.d localhost]#cat test2.conf server { listen 8088; server_name www2.magedu.com; error_page 404 =200 http://172.16.250.89:8088/error.jpg; keepalive_timeout 60; #60s后断开长连接 keepalive_requests 10; #在单个长连接上最多响应10个资源 location / { root /data/www2; } } [root@~ localhost]#telnet 172.16.250.89 8088 #指明ip和端口 Trying 172.16.250.89... Connected to 172.16.250.89. Escape character is '^]'. GET /index.html HTTP/1.1 #Telnet测试语法 Host: 172.16.250.89
Connection closed by foreign host. #超过60s自动断开长连接
basic认证:
[root@nginx localhost]#vim /etc/nginx/conf.d/test.conf server { listen 8080; server_name www.magedu.com; location / { index index.html index.htm; root /data/www; } location /images/ { alias /data/pictures/; } location /bbs/ { root /data/; #需要认证的文件 auth_basic "BBS internal"; #认证说明 auth_basic_user_file /etc/nginx/.ngxpasswd; #认证文件 } } #安装httpd-tools使用htpasswd生成认证文件和用户 [root@nginx localhost]#yum -y install httpd-tools [root@nginx localhost]#htpasswd -c -m /etc/nginx/.ngxpasswd tom #-c:创建认证文件 #-m:md5的算法加密 [root@nginx localhost]#htpasswd -m /etc/nginx/.ngxpasswd jerry [root@nginx localhost]#nginx -t [root@nginx localhost]#nginx -s reload [root@nginx localhost]#mkdir /data/bbs [root@nginx localhost]#vim /data/bbs/index.html <h1>FBI area</h1>
输入tom 和密码:
输出stub_status:
[root@nginx localhost]#vim /etc/nginx/conf.d/test.conf location /ngxstatus { stub_status; } [root@nginx localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@nginx localhost]#nginx -s reload
启用压缩功能:
[root@nginx localhost]#vim nginx.conf gzip on; #启用压缩 [root@nginx localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@nginx localhost]#nginx -s reload [root@www localhost]#curl -I --compressed http://172.16.250.89:8080/access_log.html HTTP/1.1 200 OK Server: nginx/1.10.2 Date: Wed, 14 Jun 2017 13:13:19 GMT Content-Type: text/html Last-Modified: Wed, 14 Jun 2017 12:43:59 GMT Connection: keep-alive ETag: W/"59412f8f-14ea216" Content-Encoding: gzip #已压缩 [root@nginx localhost]#vim nginx.conf gzip on; gzip_types text/css text/plain application/javascript; gzip_comp_level 5; #压缩比 gzip_min_length 64; #启用压缩的最小长度 [root@nginx localhost]#nginx -t [root@nginx localhost]#nginx -s reload
ngx_http_rewrite_module:
[root@conf.d localhost]#vim test.conf error_page 404 =200 /images/error.jpg; location / { index index.html index.htm; root /data/www; if ($http_user_agent ~* curl) { rewrite ^(.*)$ /curl/$1; #curl测试重定向 } } location /curl/ { alias /data/textagent; #curl重定向后的文件路径,需要手动创建 } #对error_page做重定向,到百度首页,临时的重定向(redirect:302) location = /images/error.jpg { rewrite ^(.*)$ http://www.baidu.com/ redirect; } #新疆curl重定向的页面 [root@conf.d localhost]#cd /data/ [root@data localhost]#cat textagent/index.html <h1>hello,this is rewrite page</h1> [root@conf.d localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@conf.d localhost]#nginx -s reload
测试效果:
输入:
ngx_http_referer_module:防盗链机制;
[root@conf.d localhost]#cat test.conf #在浏览器非手动键入网址访问或者referer值为空时,跳转 valid_referers none blocked server_name *.magedu.com; if ($invalid_referer) { return 302 http://www.magedu.com/; } [root@~ localhost]#curl -I -e http://www.baidu.com http://172.16.250.89:8080/ HTTP/1.1 302 Moved Temporarily Server: nginx/1.10.2 Date: Wed, 14 Jun 2017 16:03:04 GMT Content-Type: text/html Content-Length: 161 Connection: keep-alive Location: http://www.magedu.com/ #跳转到定义的网址 #-I:只显示请求头信息 #-e:模拟referer,从那个网址直接跳转到本网址
ngx_http_proxy_module:
[root@conf.d localhost]#cat default.conf server { listen 80; server_name localhost; #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; proxy_pass http://192.168.2.129:80/bbs; #此ip是被代理的主机ip }
输入:
#proxy_set_header:为了让被代理的的主机能保存真正访问的信息,如访问客户端的ip信息 [root@conf.d localhost]#vim default.conf location ~* \.(jpg|jpeg|gif|png)$ { proxy_pass http://192.168.2.129; proxy_set_header X-Real-IP $remote_addr; } [root@~ localhost]#nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@~ localhost]#nginx -s reload #在被代理主机上设置: [root@html localhost]#vim /etc/httpd/conf/httpd.conf LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined [root@html localhost]#httpd -t [root@html localhost]#systemctl restart httpd
[root@html localhost]#tail /var/log/httpd/access_log 172.16.250.55 - - [06/Jun/2017:13:09:12 +0800] "GET /1.jpg HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" 172.16.250.55 - - [06/Jun/2017:13:09:14 +0800] "GET /1.jpg HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" #172.16.250.55 是访问代理主机的客户端信息
代理缓存的设置:
[root@~ localhost]#cd /etc/nginx/ [root@nginx localhost]#vim nginx.conf http { #定义proxy的缓存路径必须在http下 #level是定义目录的格式,一级目录两个十六进制的值,二级是一个,三级是一个;keys_zone的名称是可以自由定义的,大小最大的1G proxy_cache_path /data/cache/ngnix levels=2:1:1 keys_zone=mycache:10m max_size=1g; } [root@nginx localhost]#mkdir /data/cache/ngnix -pv mkdir: created directory ‘/data’ mkdir: created directory ‘/data/cache’ mkdir: created directory ‘/data/cache/ngnix’ [root@nginx localhost]#vim /etc/nginx/conf.d/default.conf location ~* \.(jpg|jpeg|gif|png)$ { proxy_pass http://192.168.2.129; proxy_set_header X-Real-IP $remote_addr; proxy_cache mycache; #引用定义的缓存 proxy_cache_key $request_uri; #缓存key的内容 proxy_cache_valid 200 301 302 10m; #对于特定响应码的缓存时长 m分钟 h 小时 proxy_cache_valid any 1m; } [root@nginx localhost]#nginx -t [root@nginx localhost]#nginx -s reload
测试:
[root@conf.d localhost]#ll /data/cache/ngnix/ -h total 16K drwx------ 3 nginx nginx 4.0K Jun 6 00:22 60 drwx------ 3 nginx nginx 4.0K Jun 6 00:17 a4 drwx------ 3 nginx nginx 4.0K Jun 6 00:22 b3 drwx------ 3 nginx nginx 4.0K Jun 6 00:22 dd [root@conf.d localhost]#ll /data/cache/ngnix/60/4/c/635450b5c68b27bfaa2e0065cb86c460 -h
[root@nginx localhost]#vim /etc/nginx/conf.d/default.conf location ~* \.(jpg|jpeg|gif|png)$ { proxy_pass http://192.168.2.129; proxy_set_header X-Real-IP $remote_addr; proxy_cache mycache; proxy_cache_key $request_uri; proxy_cache_valid 200 301 302 10m; proxy_cache_valid any 1m; proxy_hide_header Server; #隐藏的是后端服务器的首部信息,而不是Nginx代理服务器的首部信息 add_header X-Proxy $server_addr; #添加首部的展示信息 }
输入: