10 Nginx模块介绍

Nginx模块官方文档TP

目录索引模块ngx_http_autoindex_module

1）语法

Syntax:	autoindex on | off;
Default:	
autoindex off;
Context:	http, server, location

#优化部分
#显示具体大小 off 显示K/M/G单位   on  单位就是 bytes
Syntax:	autoindex_exact_size on | off;
Default:	autoindex_exact_size on;
Context:	http, server, location

#显示文件最后修改时间  如果是 off 需要加8小时
Syntax:	autoindex_localtime on | off;
Default:	autoindex_localtime off;
Context:	http, server, location

2）配置

#可以用来搭建yum仓库
[root@web01 conf.d]# cat autoindex.conf 
server {
	listen 80;
	server_name www.yum01.com;
	location / {
		root /yumcangku;
		autoindex on;
		autoindex_localtime on;
		autoindex_exact_size on;	
	}
}

访问控制模块ngx_http_access_module

1）语法

#允许访问语法
Syntax:	allow address | CIDR | unix: | all;
Default:	—
Context:	http, server, location, limit_except

#拒绝访问语法
Syntax:	deny address | CIDR | unix: | all;
Default:	—
Context:	http, server, location, limit_except

2）配置

#要求10.0.0.1可以访问我的/download 目录，其他网址不允许
server {
    listen 80;
    server_name www.host1.com;
    charset 'utf-8';

    location / {
        root /codehost1;
        index index.html;
    }

    location /download {
        root /codehost1;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        allow 10.0.0.1;
        deny all;
    }
}

#要求10.0.0.1不可以访问我的/download 目录，其他网址允许
server {
    listen 80;
    server_name www.host1.com;
    charset 'utf-8';

    location / {
        root /codehost1;
        index index.html;
    }

    location /download {
        root /codehost1;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        deny 10.0.0.1;
        allow all;
    }
}

#要求10.0.0.0网段可以访问我的/download 目录，其他网址不允许
server {
    listen 80;
    server_name www.host1.com;
    charset 'utf-8';

    location / {
        root /codehost1;
        index index.html;
    }

    location /download {
        root /codehost1;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        allow 10.0.0.0/24;
        deny all;
    }
}

访问认证模块 ngx_http_auth_basic_module

1）语法

#注释（没什么卵用）
Syntax:	auth_basic string | off;
Default:	auth_basic off;
Context:	http, server, location, limit_except

#指定认证的文件
Syntax:	auth_basic_user_file file;
Default:	—
Context:	http, server, location, limit_except

2）配置密码

#创建密码文件需要 htpasswd
[root@web02 conf.d]# htpasswd -c /etc/nginx/conf.d/auth_basic linux
New password: 
Re-type new password: 
Adding password for user linux
[root@web02 conf.d]#

#或者使用
[root@web02 conf.d]# htpasswd -c -b /etc/nginx/conf.d/auth_basic linux linux
Adding password for user linux

#密码文件内容
[root@web02 conf.d]# cat auth_basic 
linux:$apr1$LHT3VFfz$0jtY0cGX5gkeSFI84xDvt0

#注意：生成多对密码时，不使用-c参数
[root@web02 conf.d]# htpasswd /etc/nginx/conf.d/auth_basic lhd
New password: 
Re-type new password: 
Adding password for user lhd

[root@web02 conf.d]# cat auth_basic 
lhd:$apr1$GuCSoYQe$nsQhhAiPBrOoa0J3zD/s9.
linux:$apr1$w2AJGlBm$5yatp0GIlwipoYbdE/A2a/

3）配置

server {
    listen 80;
    server_name www.host1.com;
    charset 'utf-8';

    location / {
        root /codehost1;
        index index.html;
    }

    location /download {
        root /codehost1;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        allow 10.0.0.0/24;
        deny all;
        #不配不行
        auth_basic "please input password!";
        auth_basic_user_file /etc/nginx/conf.d/auth_basic;
    }
}

nginx状态模块 ngx_http_stub_status_module

1）语法

Syntax:	stub_status;
Default:	—
Context:	server, location

2）配置

server {
    listen 80;
    server_name www.host1.com;
    charset 'utf-8';

    location / {
        root /codehost1;
        index index.html;
    }

    location /download {
        root /codehost1;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        allow 10.0.0.0/24;
        deny all;
        auth_basic "please input password!";
        auth_basic_user_file /etc/nginx/conf.d/auth_basic;
    }

    location /status {
        stub_status;
    }
}

3）nginx 七种状态

Active connections: 2 
server accepts handled requests
 		 4 		 4 		56 
Reading: 0 Writing: 1 Waiting: 1 

Active connections:		 # 活跃的连接数
accepts					# TCP连接总数
handle					# 成功的TCP连接数
requests				# 请求数

Reading					# 读取请求头部
Writing					# 放回给客户端的头部
Waiting					# 等待的请求数

#注意：一次tcp连接，可以发起多次请求；
keepalive_timeout  0;   #类似于关闭长连接
keepalive_timeout  65;	#最长65秒没有活动则断开连接

连接限制模块 ngx_http_limit_conn_module

1）语法

#设置限制的空间(连接数)
		#调用模块        空间里的内容  空间=空间名字：空间大小
Syntax:	limit_conn_zone      key       zone=name:size;
Default:	—
Context:	http

#调用上面的空间
Syntax:	limit_conn zone number;
Default:	—
Context:	http, server, location

2）配置

http {
	... ...
	limit_conn_zone $remote_addr zone=conn_zone:10m;
	... ...
}

server {
	... ...
	#设置共享内存区域和设置最大允许连接数。当超过此限制时，服务器将返回 错误 以回复请求。
	limit_coon conn_zone 1;
}

请求限制模块 ngx_http_limit_req_module

1）语法

#设置限制请求的空间(频率)
		#模块         空间里保存的内容  空间=空间名称：大小	速率 1r/s
Syntax:	limit_req_zone      key         zone=name:size      rate=rate [sync];
Default:	—
Context:	http

#调用上面空间
Syntax:	limit_req zone=name [burst=number] [nodelay | delay=number];
Default:	—
Context:	http, server, location

nodely	#延时请求

2）配置

limit_req_zone $remote_addr zone=req_zone:1m rate=1r/s;

server {
    listen 80;
    server_name www.host1.com;
    charset 'utf-8';

    location / {
        root /codehost1;
        index index.html;
        limit_req zone=req_zone;
        limit_req_status 412;
    }

    location /download {
        root /codehost1;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        allow 10.0.0.0/24;
        deny all;
        auth_basic "please input password!";
        auth_basic_user_file /etc/nginx/conf.d/auth_basic;
    }

    location /status {
        stub_status;
    }
}

3）测试请求限制

#ab工具
[root@web02 conf.d]# ab -n 20 -c 2 http://www.host1.com/
Server Software:        nginx/1.16.1
Server Hostname:        www.host1.com
Server Port:            80

Document Path:          /
Document Length:        581 bytes

Concurrency Level:      2
Time taken for tests:   0.007 seconds
Complete requests:      20
Failed requests:        19
   (Connect: 0, Receive: 0, Length: 19, Exceptions: 0)
Write errors:           0
Non-2xx responses:      19
Total transferred:      8125 bytes
HTML transferred:       4324 bytes
Requests per second:    3056.70 [#/sec] (mean)
Time per request:       0.654 [ms] (mean)
Time per request:       0.327 [ms] (mean, across all concurrent requests)
Transfer rate:          1212.68 [Kbytes/sec] received

[root@web02 conf.d]# 

Nginx location

使用Nginx Location可以控制访问网站的路径,但一个server可以有多个location配置, 多个location的优先级该如何区分

1.语法

Syntax:	location [ = | ~ | ~* | ^~ | / ] uri { ... }
		location @name { ... }
Default:	—
Context:	server, location

2.location匹配符

匹配符	匹配规则	优先级
=	精确匹配	1
^~	以某个字符串开头	2
~	区分大小写的正则匹配	3
~*	不区分大小写的正则匹配	4
/	通用匹配，任何请求都会匹配到	5

3.验证location匹配顺序

[root@web02 conf.d]# vim testlocation.conf
server {
    listen 80;
    server_name www.linux.com;
    #location / {
    #    default_type text/html;
    #    return 200 "location /";
    #}

    location =/ {
        default_type text/html;
        return 200 "location =/";
    }

   location ~ / {
        default_type text/html;
        return 200 "location ~/";
    }

   location ^~ / {
      default_type text/html;
      return 200 "location ^~";
    }
}

4.验证访问文件

[root@web01 conf.d]# cat testserver.conf 
server {
    listen 80;
    server_name www.server.com;
	location / {
    	root /code;
	}
	 
	location ~ \.php$ {
	    root /php;
	}
	 
	location ~ \.jsp$ {
	    root /jsp;
	}
	 
	location ~* \.(jpg|gif|png|js|css)$ {
	    root /pic;
	}
	 
	location ~* \.(sql|bak|tgz|tar.gz|git)$ {
	    root /package;
	}      
}

www.server.com/1.PHP
www.server.com/2.JPG
www.server.com/3.jsp
www.server.com/4.tGz
www.server.com/5.Gif