Home | 简体中文 | 繁体中文 | 杂文 | Search | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎专栏 | Email

第 2 章 Nginx

目录

2.1. Installing
2.1.1. Installing by apt-get under the debain/ubuntu
2.1.2. CentOS
2.1.2.1. spawn-fcgi script
2.1.2.2. php-fpm
2.1.2.3. fastcgi backend
2.1.3. installing by source
2.1.4. -V show version and configure options then exit
2.1.5. config test
2.1.6. rotate log
2.1.6.1. log shell
2.1.6.2. /etc/logrotate.d/nginx
2.1.7. CentOS 7
2.2. nginx 配置文件
2.2.1. http 配置
2.2.2. events
2.2.3. gzip
2.2.3.1. CDN支持
2.2.4. server_tokens
2.2.5. ssi
2.2.6. server
2.2.6.1. listen
2.2.6.2. 单域名虚拟主机
2.2.6.3. ssl 虚拟主机
2.2.6.4. 泛解析主机
2.2.6.5. location
2.2.6.6. expires
2.2.6.7. access
2.2.6.8. auth_basic
2.2.6.9. autoindex
2.2.6.10. try_files
2.2.6.11. stub_status
2.2.6.12. add_header
2.2.6.13. valid_referers
2.2.7. HTTP2 配置 SSL证书
2.2.7.1. spdy
2.2.7.2. HTTP2
2.2.7.3. 用户访问 HTTP时强制跳转到 HTTPS
2.2.8. rewrite
2.2.8.1. http get 参数处理
2.2.9. upstream 负载均衡
2.2.9.1. weight 权重配置
2.2.10. fastcgi
2.2.10.1. spawn-fcgi
2.2.10.2. php-fpm
2.2.11. return
2.2.12. Nginx 变量
2.2.12.1. $host
2.2.12.2. http_user_agent
2.2.12.3. http_referer
2.2.12.4. request_filename
2.2.12.5. request_uri
2.2.12.6. remote_addr
2.2.12.7. http_cookie
2.2.12.8. request_method
2.2.12.9. invalid_referer
2.2.12.10. 自定义变量
2.2.12.11. if 条件判断
2.3. Proxy
2.3.1. proxy_cache
2.3.2. rewrite + proxy_pass
2.3.3. request_filename + proxy_pass
2.3.4. $request_uri 与 proxy_pass 联合使用
2.3.5. try_files 与 proxy_pass 共用
2.3.6. Proxy 与 SSI
2.3.7. Host
2.3.8. expires
2.3.9. X-Forwarded-For
2.3.10. X-Sendfile
2.3.11. proxy_http_version
2.3.12. proxy_set_header
2.3.13. timeout 超时时间
2.3.14. example
2.3.14.1. upstream 实例
2.3.14.2. Tomcat 实例
2.4. ngx_http_flv_module
2.5. ngx_http_mp4_module
2.6. limit_zone
2.7. image_filter
2.8. Example
2.8.1. Nginx + Tomcat
2.8.2. 拦截index.html
2.9. FAQ
2.9.1. 405 Not Allowed?
2.9.2. 502 Bad Gateway?
2.9.3. 413 Request Entity Too Large
2.9.4. 502 Bad Gateway?
2.9.5. 499 Client Closed Request
2.9.6. proxy_pass
2.9.7. proxy_pass SESSION 丢失问题
2.9.8. [alert] 55785#0: *11449 socket() failed (24: Too many open files) while connecting to upstream
2.9.9. server_name 与 SSI 注意事项
2.9.10. location 跨 document_root 引用,引用 document_root 之外的资源
2.9.11. nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf

2.1. Installing

2.1.1. Installing by apt-get under the debain/ubuntu

			
$ sudo apt-get install nginx
			
			
			
sudo /etc/init.d/nginx start
			
			

2.1.2. CentOS

http://nginx.org/packages/centos/$releasever/$basearch/

$releasever 是版本号

$basearch 处理器架构

http://nginx.org/packages/centos/6/x86_64/

			
cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/x86_64/
gpgcheck=0
enabled=1
EOF
			
			

i386

			
cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/5/i386/
gpgcheck=0
enabled=1
EOF
			
			
yum search nginx
============================================= Matched: nginx =============================================
nginx.x86_64 : high performance web server

yum install -y nginx
chkconfig nginx on
service nginx start
			

2.1.2.1. spawn-fcgi script

yum -y install spawn-fcgi
				

/etc/sysconfig/spawn-fcgi

移除SOCKET与OPTIONS注释, apache改为nginx

# cat /etc/sysconfig/spawn-fcgi
# You must set some working options before the "spawn-fcgi" service will work.
# If SOCKET points to a file, then this file is cleaned up by the init script.
#
# See spawn-fcgi(1) for all possible options.
#
# Example :
SOCKET=/var/run/php-fcgi.sock
OPTIONS="-u apache -g apache -s $SOCKET -S -M 0600 -C 32 -F 1 -P /var/run/spawn-fcgi.pid -- /usr/bin/php-cgi"
				
				
chkconfig spawn-fcgi on
				
				

starting spawn-fcgi

/etc/init.d/spawn-fcgi start
				

check port

# netstat -nl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     25282  /var/run/php-fcgi.sock
unix  2      [ ACC ]     STREAM     LISTENING     8227   @/com/ubuntu/upstart
				
				

Unix domain socket

location ~ \.php$ { fastcgi_pass unix:/var/run/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name; include fastcgi_params; }

TCP/IP

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u nginx -g nginx -d /www -C 32 -F 1 -P /var/run/spawn-fcgi.pid -f /usr/bin/php-cgi
				

				
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /var/www/nginx-default$fastcgi_script_name;
            include        fastcgi_params;
        }
				
				
# netstat -tulpn | grep :9000
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      26877/php-cgi
				
chkconfig nginx on
				

check config

nginx -t
				

2.1.2.2. php-fpm

rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
yum install nginx -y
				

chkconfig nginx on
				

check config

nginx -t
				
yum -y install mysql mysql-server
yum -y install php php-cgi php-mysql php-mbstring php-gd php-fastcgi
yum -y install perl-DBI perl-DBD-MySQL
				

其他 php-fpm YUM源

rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
				
# rpm -Uvh http://centos.alt.ru/repository/centos/6/i386/centalt-release-6-1.noarch.rpm
# yum update
				

2.1.2.3. fastcgi backend

				
upstream backend  {
  server   localhost:1234;
}

fastcgi_pass   backend;
				
				

2.1.3. installing by source

			
cd /usr/local/src/
wget http://www.nginx.org/download/nginx-1.0.6.tar.gz

./configure --prefix=/usr/local/server/nginx \
--with-openssl=/usr/include \
--with-pcre=/usr/include/pcre/ \
--with-http_stub_status_module \
--without-http_memcached_module \
--without-http_fastcgi_module \
--without-http_rewrite_module \
--without-http_map_module \
--without-http_geo_module \
--without-http_autoindex_module
			
			

rpm 所使用的编译参数

nginx -V
nginx: nginx version: nginx/1.0.6
nginx: built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC)
nginx: TLS SNI support enabled
nginx: configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwcgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
			
# nginx -V
nginx version: nginx/1.2.3
built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g'
			

2.1.4. -V show version and configure options then exit

[root@netkiller tmp]# nginx -v
nginx version: nginx/1.10.1

[root@netkiller tmp]# nginx -V
nginx version: nginx/1.10.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'

			

2.1.5. config test

$ sudo service nginx configtest
Testing nginx configuration: nginx.
			

2.1.6. rotate log

2.1.6.1. log shell

				
# cat /srv/bin/rotatelog.sh

#!/bin/bash
# run this script at 0:00

#Nginx Log Path
log_dir="/var/log/nginx"
date_dir=`date +%Y/%m/%d/%H`

mkdir -p ${log_dir}/${date_dir} > /dev/null 2>&1
mv ${log_dir}/access.log ${log_dir}/${date_dir}/access.log
mv ${log_dir}/error.log ${log_dir}/${date_dir}/error.log

kill -USR1 `cat /var/run/nginx.pid`

gzip ${log_dir}/${date_dir}/access.log &
gzip ${log_dir}/${date_dir}/error.log &
				
				

2.1.6.2. /etc/logrotate.d/nginx

				
# cat /etc/logrotate.d/nginx
/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
        endscript
}
				
				

2.1.7. CentOS 7

			
#!/bin/bash
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx

cp /etc/nginx/nginx.conf{,.original}

vim /etc/nginx/nginx.conf <<VIM > /dev/null 2>&1
:%s/worker_processes  1;/worker_processes  8;/
:%s/worker_connections  1024;/worker_connections  4096;/
:%s/#gzip/server_tokens off;\r    gzip/
:%s/#gzip/gzip/
:wq
VIM

sed -i '4iworker_rlimit_nofile 65530;' /etc/nginx/nginx.conf

systemctl enable nginx
systemctl start nginx			
			
			

测试配置文件是否正确

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful			
			
comments powered by Disqus