nginx-白红宇

nginx

阅读量：6243 次

发布时间：2019-06-22

本文共 27323 字，大约阅读时间需要 91 分钟。

######nginx#####

###通过源码编译安装nginx###

使用configure，make，make install命令

1 从官网上下载 www.nginx.org 安装包，选稳定版的比较好

安装前要确保系统中有gcc,查看系统是否安装了gcc:

rpm -q gcc

2 tar zxf nginx-1.12.0.tar.gz

3 yum install -y pcre-devel

4 yum insall -y openssl-devel

5 useradd -M -d /usr/local/lnmp/nginx -s /sbin/nologin -u 800 nginx ###创建nginx用户###

6 cd nginx-1.12.0 ###congigure在此目录下

7 ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_modul

#####参数说明####

--prefix=/usr/local/lnmp/nginx ###定义一个能够保存服务文件的目录

--user=nginx ###设定用户，该用户要系统中存在，如果没有设定，默认是nobody###

--group=nginx ###设定组###

--with-threads ###支持线程###

--with-http_ssl_module ###允许加载一个模块，为http添加https支持###

--with-http_stub_status_modul ###允许加载一个模块，提供了nginx基础状态信息的访问接口，连接数量，处理的请求等

8 make && make install

9 cd /usr/local/lnmp/nginx/conf ###nginx默认的配置文件nginx.conf在该目录下###

10 cd /usr/local/lnmp/nginx/sbin/ ###nginx服务在该目录下###

11 ./nginx ###开启服务##

开启时碰到了无法开启的情况：端口被占用

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

nginx: [emerg] still could not bind()

解决：

由于nginx的默认开启端口是80，查看以下端口的使用情况：

[root@server1 sbin]# netstat -antlupt

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1121/varnishd

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 910/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 986/master

tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 1119/varnishd

tcp 0 0 172.25.78.1:22 172.25.78.250:36468 ESTABLISHED 1050/sshd

tcp 0 0 :::8080 :::* LISTEN 1249/httpd

tcp 0 0 :::80 :::* LISTEN 1121/varnishd

tcp 0 0 :::22 :::* LISTEN 910/sshd

tcp 0 0 ::1:25 :::* LISTEN 986/master

由此可见，varnish占用了80端口，只需将varnish服务关闭，或者修改varnish的端口

[root@server1 sbin]# /etc/init.d/varnish stop

Stopping Varnish Cache: [ OK ]

再次开启nginx服务

[root@server1 sbin]# ./nginx

[root@server1 sbin]# netstat -antlupt | grep nginx

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6323/nginx

测试：

curl -I localhost

[root@server1 sbin]# curl localhost -I

HTTP/1.1 200 OK

Server: nginx/1.12.0 ###版本信息会显示出来，不合理###

Date: Wed, 19 Jul 2017 03:59:11 GMT

Content-Type: text/html

Content-Length: 612

Last-Modified: Wed, 19 Jul 2017 03:57:23 GMT

Connection: keep-alive

ETag: "596ed8a3-264"

Accept-Ranges: bytes

[root@server1 nginx]# pwd

/usr/local/lnmp/nginx

[root@server1 nginx]# du -sh

5.9M .

###由于debug 模式编译存在，因此，会比较大，可以把debug模式编译去掉，编译以后程序只有几百 k###

####为了将版本信息隐藏，并且使编译后的程序只有几百 k，进行重新编译###

1 cd /usr/local/lnmp/nginx/sbin/

./nginx -s stop ###将nginx服务关闭###

2 netstat -antlp ###查看，确认服务关闭##

3 rm -fr /usr/local/lnmp/nginx/ ###删除服务的文件目录###

4 cd nginx-1.12.0

make clean ###重新编译时,需要清除旧的对象文件和缓存信息###

5 rm -fr nginx-1.12.0 ###删除解压目录###

6 tar zxf nginx-1.12.0.tar.gz ###重新解压###

7 cd /root/nginx-1.12.0/src/core

vim nginx.h

内容：

#define nginx_version 1012000

#define NGINX_VERSION "1.12.0"

#define NGINX_VER "nginx/" ###将版本信息删除###

8 cd /root/nginx-1.12.0/auto/cc

vim gcc

内容：

171 # debug

172 #CFLAGS="$CFLAGS -g" 把debug模式编译去掉

9 ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_modul

10 make && make install

11 ln -s /usr/local/lnmp/nginx/sbin/nginx /sbin/ ###软连接，更方便访问###

测试：

[root@server1 nginx]# du -sh

988K

[root@server1 nginx]# curl -I localhost

HTTP/1.1 200 OK

Server: nginx/

Date: Thu, 20 Jul 2017 03:19:28 GMT

Content-Type: text/html

Content-Length: 612

Last-Modified: Thu, 20 Jul 2017 03:16:18 GMT

Connection: keep-alive

ETag: "59702082-264"

Accept-Ranges: bytes

具体过程如下：

[root@server1 ~]# tar zxf nginx-1.12.0.tar.gz

[root@server1 ~]# ls

anaconda-ks.cfg install.log.syslog varnish-3.0.5-1.el6.x86_64.rpm

bansys.zip nginx-1.12.0 varnish-libs-3.0.5-1.el6.x86_64.rpm

install.log nginx-1.12.0.tar.gz

[root@server1 ~]# cd nginx-1.12.0

[root@server1 nginx-1.12.0]# ls

auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src

[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

(省略.....）

出现的问题：

********************************************************************************

checking for PCRE library ... not found

checking for PCRE library in /usr/local/ ... not found

checking for PCRE library in /usr/include/pcre/ ... not found

checking for PCRE library in /usr/pkg/ ... not found

checking for PCRE library in /opt/local/ ... not found

./configure: error: the HTTP rewrite module requires the PCRE library.

You can either disable the module by using --without-http_rewrite_module

option, or install the PCRE library into the system, or build the PCRE library

statically from the source with nginx by using --with-pcre=<path> option.

***********************************************************************************

####由此可见缺少PCRE library，因此要安装pcre-devel#####

[root@server1 nginx-1.12.0]# rpm -q gcc

gcc-4.4.7-4.el6.x86_64

[root@server1 nginx-1.12.0]# yum install -y pcre-devel

[root@server1 nginx-1.12.0]# rpm -q gcc

gcc-4.4.7-4.el6.x86_64

[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

(省略安装过程.....）

出现的问题：

**************************************************************************

checking for PCRE JIT support ... not found

checking for OpenSSL library ... not found

checking for OpenSSL library in /usr/local/ ... not found

checking for OpenSSL library in /usr/pkg/ ... not found

checking for OpenSSL library in /opt/local/ ... not found

./configure: error: SSL modules require the OpenSSL library.

You can either do not enable the modules, or install the OpenSSL library

into the system, or build the OpenSSL library statically from the source

with nginx by using --with-openssl=<path> option.

**************************************************************************

###由提示可以看出缺少OpenSSL library，因此要安装openssl-devel####

[root@server1 nginx-1.12.0]# yum install -y openssl-devel

[root@server1 ~]# useradd -M -d /usr/local/lnmp/nginx -s /sbin/nologin -u 800 nginx

[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

(省略安装过程.....）

####没有报错，说明配置成功，一般在安装过程中如果缺少什么，就安装对应的 xxxx-devel,因为devel是c开发包，包含c的头文件和库####

[root@server1 nginx-1.12.0]# make && make install

[root@server1 nginx-1.12.0]# cd /usr/local/lnmp/

[root@server1 lnmp]# ls

nginx

[root@server1 lnmp]# cd nginx/

[root@server1 nginx]# ls

conf html logs sbin

[root@server1 nginx]# du -sh

5.9M .

[root@server1 nginx]# ls

conf html logs sbin

[root@server1 nginx]# cd sbin/

[root@server1 sbin]# ls

nginx

[root@server1 sbin]# ./nginx

[root@server1 sbin]# netstat -antlp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6060/nginx

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 976/master

tcp 0 0 172.25.38.1:22 172.25.38.250:39568 ESTABLISHED 1040/sshd

tcp 0 0 172.25.38.1:22 172.25.38.250:39572 ESTABLISHED 1067/sshd

tcp 0 0 :::22 :::* LISTEN 900/sshd

tcp 0 0 ::1:25 :::* LISTEN 976/master

[root@server1 sbin]# curl localhost -I

HTTP/1.1 200 OK

Server: nginx/1.12.0 ###版本信息会显示出来，不合理###

Date: Wed, 19 Jul 2017 03:59:11 GMT

Content-Type: text/html

Content-Length: 612

Last-Modified: Wed, 19 Jul 2017 03:57:23 GMT

Connection: keep-alive

ETag: "596ed8a3-264"

Accept-Ranges: bytes

[root@server1 sbin]# ./nginx -s stop

[root@server1 sbin]# netstat -antlp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 976/master

tcp 0 0 172.25.38.1:22 172.25.38.250:39568 ESTABLISHED 1040/sshd

tcp 0 0 127.0.0.1:59479 127.0.0.1:80 TIME_WAIT -

tcp 0 0 127.0.0.1:59481 127.0.0.1:80 TIME_WAIT -

tcp 0 0 172.25.38.1:22 172.25.38.250:39572 ESTABLISHED 1067/sshd

tcp 0 0 :::22 :::* LISTEN 900/sshd

tcp 0 0 ::1:25 :::* LISTEN 976/master

[root@server1 sbin]# cd /usr/local/

[root@server1 local]# cd lnmp/

[root@server1 lnmp]# rm -fr nginx/

[root@server1 ~]# cd nginx-1.12.0

[root@server1 nginx-1.12.0]# make clean

rm -rf Makefile objs

[root@server1 nginx-1.12.0]# cd ..

[root@server1 ~]# rm -fr nginx-1.12.0

[root@server1 ~]# ls

anaconda-ks.cfg nginx-1.12.0.tar.gz

bansys.zip varnish-3.0.5-1.el6.x86_64.rpm

install.log varnish-libs-3.0.5-1.el6.x86_64.rpm

install.log.syslog

[root@server1 ~]# tar zxf nginx-1.12.0.tar.gz

[root@server1 ~]# ls

anaconda-ks.cfg nginx-1.12.0

bansys.zip nginx-1.12.0.tar.gz

install.log varnish-3.0.5-1.el6.x86_64.rpm

install.log.syslog varnish-libs-3.0.5-1.el6.x86_64.rpm

[root@server1 ~]# cd nginx-1.12.0

[root@server1 nginx-1.12.0]# ls

auto CHANGES.ru configure html man src

CHANGES conf contrib LICENSE README

[root@server1 nginx-1.12.0]# cd src/

[root@server1 src]# ls

core event http mail misc os stream

[root@server1 src]# cd core/

[root@server1 core]# vim nginx.h

[root@server1 core]# cd ..

[root@server1 src]# cd ..

[root@server1 nginx-1.12.0]# cd auto/

[root@server1 auto]# ls

cc have init module os threads

define have_headers install modules sources types

endianness headers lib nohave stubs unix

feature include make options summary

[root@server1 auto]# cd cc/

[root@server1 cc]# ls

acc bcc ccc clang conf gcc icc msvc name owc sunc

[root@server1 cc]# vim gcc

[root@server1 cc]# cd ..

[root@server1 auto]# cd ..

[root@server1 nginx-1.12.0]# ls

auto CHANGES.ru configure html man src

CHANGES conf contrib LICENSE README

[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

[root@server1 nginx-1.12.0]# make && make install

[root@server1 nginx-1.12.0]# cd /usr/local/lnmp/nginx/

[root@server1 nginx]# ls

conf html logs sbin

[root@server1 nginx]# du -sh

960K .

[root@server1 nginx]# cd sbin/

[root@server1 sbin]# ls

nginx

[root@server1 sbin]# ./nginx

[root@server1 sbin]# pwd

/usr/local/lnmp/nginx/sbin

[root@server1 sbin]# ln -s /usr/local/lnmp/nginx/sbin/nginx /sbin/

[root@server1 sbin]# which nginx

/sbin/nginx

[root@server1 sbin]# curl -I localhost

HTTP/1.1 200 OK

Server: nginx/

Date: Wed, 19 Jul 2017 04:07:59 GMT

Content-Type: text/html

Content-Length: 612

Last-Modified: Wed, 19 Jul 2017 04:05:33 GMT

Connection: keep-alive

ETag: "596eda8d-264"

Accept-Ranges: bytes

###使用yum安装时应该要看安装时的脚本，防止一些流氓软件###

以httpd为例：

[root@server1 lnmp]# rpm -q --scripts httpd

preinstall scriptlet (using /bin/sh): ###安装前执行的脚本##

# Add the "apache" user

getent group apache >/dev/null || groupadd -g 48 -r apache

getent passwd apache >/dev/null || \

useradd -r -u 48 -g apache -s /sbin/nologin \

-d /var/www -c "Apache" apache

exit 0

postinstall scriptlet (using /bin/sh): ###安装后执行的脚本##

# Register the httpd service

/sbin/chkconfig --add httpd

/sbin/chkconfig --add htcacheclean

preuninstall scriptlet (using /bin/sh):

if [ $1 = 0 ]; then

/sbin/service httpd stop > /dev/null 2>&1

/sbin/chkconfig --del httpd

/sbin/service htcacheclean stop > /dev/null 2>&1

/sbin/chkconfig --del htcacheclean

posttrans scriptlet (using /bin/sh):

test -f /etc/sysconfig/httpd-disable-posttrans || \

/sbin/service httpd condrestart >/dev/null 2>&1 || :

[root@server1 lnmp]# rpm -qi httpd ###查看httpd的信息##

Name : httpd Relocations: (not relocatable)

Version : 2.2.15 Vendor: Red Hat, Inc.

Release : 29.el6_4 Build Date: Fri 02 Aug 2013 08:03:06 PM CST

Install Date: Wed 19 Jul 2017 09:34:59 AM CST Build Host: x86-002.build.bos.redhat.com

Group : System Environment/Daemons Source RPM: httpd-2.2.15-29.el6_4.src.rpm

Size : 3075393 License: ASL 2.0

Signature : RSA/8, Mon 12 Aug 2013 09:49:45 PM CST, Key ID 199e2f91fd431d51

Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>

URL : http://httpd.apache.org/

Summary : Apache HTTP Server

Description :

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

####nginx绑定cpu###

1 vim /usr/local/lnmp/nginx/conf/nginx.conf

内容：

worker_processes 2; ###表示开启两个nginx进程###

worker_cpu_affinity 01 10; ###第一个进程对应第一个cpu内核，第二个进程对应第二个cpu内核###

events {

worker_connections 65535; ###允许连接进程的最大数,不能大于fs.file-max的数###

}

2 nginx -t ###查看配置文件是否有语法错误###

3 nginx -s reload ###重新加载nginx###

4 vim /etc/security/limits.conf ###在该文件下编写才会生效###

nginx - nofile 65535

测试：

切换到nginx用户，执行ulimit -a

(在切换前，要将nginx用户改成可以登入usermod -s /bin/bash nginx)

[root@server1 ~]# su - nginx

-bash-4.1$ ulimit -a

core file size (blocks, -c) 0

data seg size (kbytes, -d) unlimited

scheduling priority (-e) 0

file size (blocks, -f) unlimited

pending signals (-i) 14868

max locked memory (kbytes, -l) 64

max memory size (kbytes, -m) unlimited

open files (-n) 65535 ###发现已经改变成了65535###

pipe size (512 bytes, -p) 8

POSIX message queues (bytes, -q) 819200

real-time priority (-r) 0

stack size (kbytes, -s) 10240

cpu time (seconds, -t) unlimited

max user processes (-u) 1024

virtual memory (kbytes, -v) unlimited

file locks (-x) unlimited

-bash-4.1$

##nginx -s reload##有多少核就有几位数，2核是01，四核是0001，8核是00000001，以此类推###

[root@server1 conf]# sysctl -a | grep file ###sysctl -a指显示所有的系统参数###

fs.file-nr = 512 0 188464

fs.file-max = 188464

####nginx建立虚拟主机###

默认发布目录：

/usr/local/lnmp/nginx/html

1 vim /usr/local/lnmp/nginx/conf/nginx.conf

内容:注意该内容要写在http下

server {

listen 80; ###访问80端口###

server_name www.westos.org; ###服务器名称###

location / {

root /web1; ###发布目录###

index index.html; ###网页###

}

2 mkdir /web1

3 vim /web1/index.html

内容：

<h1>www.westos.org</h1>

4 nginx -s reload

测试：

具体过程如下：

[root@server1 lnmp]# cd /usr/local/lnmp/nginx/conf/

[root@server1 conf]# ls

fastcgi.conf koi-win scgi_params

fastcgi.conf.default mime.types scgi_params.default

fastcgi_params mime.types.default uwsgi_params

fastcgi_params.default nginx.conf uwsgi_params.default

koi-utf nginx.conf.default win-utf

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -s reload

[root@server1 conf]# nginx -t

nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

[root@server1 conf]# nginx -s reload

[root@server1 conf]# netstat -antlp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8673/nginx

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 976/master

tcp 0 0 172.25.38.1:22 172.25.38.250:39568 ESTABLISHED 1040/sshd

tcp 0 0 172.25.38.1:22 172.25.38.250:39572 ESTABLISHED 1067/sshd

tcp 0 0 :::22 :::* LISTEN 900/sshd

tcp 0 0 ::1:25 :::* LISTEN 976/master

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# sysctl -a | grep file

fs.file-nr = 544 0 188464

fs.file-max = 188464

[root@server1 conf]# ulimit -a

core file size (blocks, -c) 0

data seg size (kbytes, -d) unlimited

scheduling priority (-e) 0

file size (blocks, -f) unlimited

pending signals (-i) 14868

max locked memory (kbytes, -l) 64

max memory size (kbytes, -m) unlimited

open files (-n) 1024

pipe size (512 bytes, -p) 8

POSIX message queues (bytes, -q) 819200

real-time priority (-r) 0

stack size (kbytes, -s) 10240

cpu time (seconds, -t) unlimited

max user processes (-u) 14868

virtual memory (kbytes, -v) unlimited

file locks (-x) unlimited

[root@server1 conf]# id

uid=0(root) gid=0(root) groups=0(root)

[root@server1 conf]# vim /etc/security/limits.conf

[root@server1 conf]# usermod -s /bin/bash nginx

[root@server1 conf]# su - nginx

-bash-4.1$ ulimit -a

core file size (blocks, -c) 0

data seg size (kbytes, -d) unlimited

scheduling priority (-e) 0

file size (blocks, -f) unlimited

pending signals (-i) 14868

max locked memory (kbytes, -l) 64

max memory size (kbytes, -m) unlimited

open files (-n) 1024

pipe size (512 bytes, -p) 8

POSIX message queues (bytes, -q) 819200

real-time priority (-r) 0

stack size (kbytes, -s) 10240

cpu time (seconds, -t) unlimited

max user processes (-u) 1024

virtual memory (kbytes, -v) unlimited

file locks (-x) unlimited

-bash-4.1$ exit

logout

[root@server1 conf]# usermod -s /sbin/nologin nginx

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -t ###查看是否有语法错误##

nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

[root@server1 conf]# nginx -s reload ###重新加载###

[root@server1 conf]# mkdir /web1

[root@server1 conf]# cd /web1/

[root@server1 web1]# ls

[root@server1 web1]# vim index.html

[root@server1 web1]# nginx -s reload

[root@server1 web1]# cd /usr/local/lnmp/

[root@server1 lnmp]# ls

nginx

[root@server1 lnmp]# cd nginx/

[root@server1 nginx]# ls

client_body_temp fastcgi_temp logs sbin uwsgi_temp

conf html proxy_temp scgi_temp

[root@server1 nginx]# cd html/

[root@server1 html]# ls

50x.html index.html

####https####

端口为443，配置前要确认安装了openssl和openssl-devel，由于之前源码编译时已经安装过，所以在这里就不用再次安装。

信任主机的问题. 采用https 的server 必须从CA 申请一个用于证明服务器用途类型的证书

希望服务器与客户端之间传输内容是加密的，防止中间监听泻露信息，就可以用https进行访问的加密。如果用于内部人员的访问，可以自己颁发证书。

1 cd /etc/pki/tls/certs/

2 make cert.pem ###产生证书和密钥，用该命令会将证书和key放在一个文件里，这样在nginx的配置文件里就不用写两个文件###

【过程：

umask 77 ; \

PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \

PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \

/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \

cat $PEM1 > cert.pem ; \

echo "" >> cert.pem ; \

cat $PEM2 >> cert.pem ; \

rm -f $PEM1 $PEM2

Generating a 2048 bit RSA private key

........................................................+++

..............................+++

writing new private key to '/tmp/openssl.UVFnm7'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:cn

State or Province Name (full name) []:shaanxi

Locality Name (eg, city) [Default City]:xi'an

Organization Name (eg, company) [Default Company Ltd]:westos

Organizational Unit Name (eg, section) []:linux

Common Name (eg, your name or your server's hostname) []:server1

Email Address []:root@westos.org

】

3 mv /etc/pki/tls/certs/cert.pem /usr/local/lnmp/nginx/conf/ ###在nginx中的配置文件里，给的是相对地址，因此要将其移到配置文件的目录下###

4 vim /usr/local/lnmp/nginx/conf/nginx.conf

内容：

server {

listen 443 ssl;

server_name www.westos.org;

ssl_certificate cert.pem;

ssl_certificate_key cert.pem;

ssl_session_cache shared:SSL:1m;

ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

location / {

root /web1;

index index.html index.htm;

}

8 nginx -s reload

测试：

登入https://172.25.38.1

具体过程如下:

[root@server1 conf]# cd /etc/pki/tls/certs/

[root@server1 certs]# ls

ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert

[root@server1 certs]# make cert.pem

umask 77 ; \

PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \

PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \

/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \

cat $PEM1 > cert.pem ; \

echo "" >> cert.pem ; \

cat $PEM2 >> cert.pem ; \

rm -f $PEM1 $PEM2

Generating a 2048 bit RSA private key

........................................................+++

..............................+++

writing new private key to '/tmp/openssl.UVFnm7'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:cn

State or Province Name (full name) []:shaanxi

Locality Name (eg, city) [Default City]:xi'an

Organization Name (eg, company) [Default Company Ltd]:westos

Organizational Unit Name (eg, section) []:linux

Common Name (eg, your name or your server's hostname) []:server1

Email Address []:root@westos.org

[root@server1 certs]# ll

total 1716

-rw-r--r--. 1 root root 753868 Sep 4 2013 ca-bundle.crt

-rw-r--r--. 1 root root 974993 Sep 4 2013 ca-bundle.trust.crt

-rw------- 1 root root 3088 Jul 19 15:31 cert.pem

-rw------- 1 root root 1383 Jul 19 15:29 localhost.crt

-rwxr-xr-x. 1 root root 610 Sep 27 2013 make-dummy-cert

-rw-r--r--. 1 root root 2242 Sep 27 2013 Makefile

-rwxr-xr-x. 1 root root 829 Sep 27 2013 renew-dummy-cert

[root@server1 certs]# ll cert.pem

-rw------- 1 root root 3088 Jul 19 15:31 cert.pem

[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/ ###在nginx中的配置文件里，给的是相对地址，因此要将其移到配置文件的目录下###

[root@server1 certs]# cd /usr/local/lnmp/nginx/conf/

[root@server1 conf]# ls

cert.pem koi-win scgi_params.default

fastcgi.conf mime.types uwsgi_params

fastcgi.conf.default mime.types.default uwsgi_params.default

fastcgi_params nginx.conf win-utf

fastcgi_params.default nginx.conf.default

koi-utf scgi_params

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -t

nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

[root@server1 conf]# nginx -s reload

[root@server1 conf]# netstat -antlp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8673/nginx

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 976/master

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 8673/nginx

tcp 0 0 172.25.38.1:22 172.25.38.250:39568 ESTABLISHED 1040/sshd

tcp 0 0 172.25.38.1:22 172.25.38.250:39572 ESTABLISHED 1067/sshd

tcp 0 0 :::22 :::* LISTEN 900/sshd

tcp 0 0 ::1:25 :::* LISTEN 976/master

###网页重写###

当访问www.westos.org时重写成https://www.westos.org

1 vim /usr/local/lnmp/nginx/conf/nginx.conf

内容：

server {

listen 443 ssl;

server_name www.westos.org;

ssl_certificate cert.pem;

ssl_certificate_key cert.pem;

ssl_session_cache shared:SSL:1m;

ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

location / {

root /web1;

index index.html index.htm;

}

server {

listen 80;

server_name www.westos.org;

rewrite ^(.*)$ https://www.westos.org$1 permanent; ###把你输入的url重定向成https://www.westos.org，permanent表示永久重定向，redirect表示临时重定向，$1表示可以指定访问www.westos.org的目录###

}

2 nginx -s reload

3 vim /web1/admin/index.html

内容：

admin page

测试：

访问www.westos.org和www.westos.org/admin

###监控连接数###

在源码编译nginx的时候编译了--with-http_stub_status_modul该模块，nginx的监控就是该模块的应用

1 vim /usr/local/lnmp/nginx/conf/nginx.conf

内容：

server {

listen 80;

server_name localhost;

location /status { ###/status是一个监控的模块，在源码安装时导入的模块####

stub_status on;

access_log off;

allow 172.25.38.2; ###允许172.25.38.2主机连接##

deny all; ###拒绝除了172.25.38.2之外的其他主机连接，allow和deny有访问的优先顺序###

}

2 nginx -s reload

测试:

访问http://172.25.38.1/status

Active connections: 1

server accepts handled requests

9 9 10

Reading: 0 Writing: 1 Waiting: 0

####负载均衡###

1 vim /usr/local/lnmp/nginx/conf/nginx.conf

内容：

http {

upstream westos{ ###westos就是一个别名###

server 172.25.38.2:80 ; ###访问后端服务器的80端口###

server 172.25.38.3:8080; ###访问后端服务器的8080端口##

server 127.0.0.1:8000 backup; ###当后端服务器全挂了之后，就会访问本地的index.html文件(提示系统正在维护中。。。)###

}

server {

listen 80;

server_name www.westos.org;

location / {

proxy_pass http://westos; ###默认是轮询

}

2 vim /var/www/html/index.html

内容:

系统正在维护中。。。

####负载均衡指定权重weight###

upstream westos{

server 172.25.38.2:80 weight=2; ###指定访问两次172.25.38.2，再访问172.25.38.3一次###

server 172.25.38.3:8080;

#server 127.0.0.1:8000 backup;

}

###ip_hash###

只要来源为同一个ip的都会被指定到同一个后端服务器，不用加权重，不支持backup###

upstream westos{

ip_hash;

server 172.25.38.2:80

server 172.25.38.3:8080;

}

具体过程如下：

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -t

nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

[root@server1 conf]# nginx -s reload

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -t

nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

[root@server1 conf]# nginx -s reload

[root@server1 conf]# cd /web1/

[root@server1 web1]# ls

index.html

[root@server1 web1]# mkdir admin

[root@server1 web1]# ls

admin index.html

[root@server1 web1]# cd admin/

[root@server1 admin]# ls

[root@server1 admin]# vim index.html

[root@server1 admin]# cd /usr/local/

[root@server1 local]# ls

bin etc games include lib lib64 libexec lnmp sbin share src

[root@server1 local]# cd lnmp/nginx/conf/

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -t

nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

[root@server1 conf]# nginx -s reload

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -s reload

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -s reload

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# vim /etc/httpd/conf/httpd.conf

[root@server1 conf]# /etc/init.d/httpd restart

Stopping httpd: [FAILED]

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.1 for ServerName

[ OK ]

[root@server1 conf]# /etc/init.d/httpd start

Starting httpd:

[root@server1 conf]# /etc/init.d/httpd restart

Stopping httpd: [ OK ]

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.1 for ServerName

[ OK ]

[root@server1 conf]# nginx -s reload

[root@server1 conf]# cd /var/www/html/

[root@server1 html]# ls

class_socket.php config.php index.php purge_action.php static

[root@server1 html]# rm -fr *

[root@server1 html]# vim /index.html

[root@server1 html]# /etc/init.d/httpd restart

Stopping httpd: [ OK ]

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.1 for ServerName

[ OK ]

[root@server1 html]# ls

[root@server1 html]# mv /index.html ./

[root@server1 html]# ls

index.html

[root@server1 html]# cd /usr/local/

bin/ games/ lib/ libexec/ sbin/ src/

etc/ include/ lib64/ lnmp/ share/

[root@server1 html]# cd /usr/local/lnmp/nginx/conf/

[root@server1 conf]# ls

cert.pem koi-win scgi_params.default

fastcgi.conf mime.types uwsgi_params

fastcgi.conf.default mime.types.default uwsgi_params.default

fastcgi_params nginx.conf win-utf

fastcgi_params.default nginx.conf.default

koi-utf scgi_params

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -s reload

[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -s reload

转载于:https://blog.51cto.com/12774272/1949538

你可能感兴趣的文章

清北NOIP训练营集训笔记——图论

查看>>

oracle ORA-00060死锁查询、表空间扩容

查看>>

转载自https://github.com/jsfront/src/blob/master/css.md

查看>>

MySQL索引优化分析（上）

查看>>

jquery $().each,$.each的区别

查看>>

sql server 2000/2005 游标的使用操作(转)

查看>>

Tomcat 部署 Web 通过 ip 直接访问项目

Xcode 控制台打印Unicode字符串转换为中文

查看>>

Codeforces 831C--Jury Marks （思维）

查看>>

oracle内存结构+系统全局区+程序全局区（pga）+排序区+大型池+java池

查看>>

成长7 - lambda，filter，map的运用

查看>>

New Concept English Two 18 46

【OpenFOAM】——OpenFOAM入门算例学习

查看>>

STL UVA 11991 Easy Problem from Rujia Liu?

查看>>