


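  • 1. Nginx basic configuration
    • (1) Configuration file
    • (2) Nginx log configuration
  • 2. Common Nginx optimizations
    • (1) Nginx status monitoring
    • (2) Configuring Nginx as a download site
    • (3) Nginx access limits
    • (4) Nginx access control
    • (5) Nginx virtual hosts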



[[email protected] ~]# hostnamectl set-hostname rzy
[[email protected] ~]# su 
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# setenforce 0
setenforce: SELinux is disabled
[[email protected] ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
       /dev/sr0 已经挂载到 /mnt 上

[[email protected] ~]# yum -y install pcre-devel zlib-devel  # install the prerequisite packages
[[email protected] ~]# ll
总用量 1020
-rw-------. 1 root root    1264 1月  12 18:27 anaconda-ks.cfg
-rw-r--r--  1 root root 1039530 4月  21 23:48 nginx-1.18.0.tar.gz
[[email protected] ~]# tar xf nginx-1.18.0.tar.gz  -C /usr/src/
[[email protected] ~]# cd /usr/src/nginx-1.18.0/
[[email protected] nginx-1.18.0]# useradd -M -s /sbin/nologin  nginx
[[email protected] nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install 
[[email protected] nginx-1.18.0]# cd
[[email protected] ~]# cd /usr/local/nginx/conf/
[[email protected] conf]# cp nginx.conf nginx.conf.bak  # back up the configuration file
[[email protected] conf]# ll | grep nginx.conf  # confirm the backup exists
-rw-r--r-- 1 root root 2656 4月  21 23:51 nginx.conf
-rw-r--r-- 1 root root 2656 4月  21 23:52 nginx.conf.bak
-rw-r--r-- 1 root root 2656 4月  21 23:51 nginx.conf.default
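[[email protected] conf]# sed -i '/#/d' nginx.conf  # delete every line that contains a #
[[email protected] conf]# sed -i '/^$/d' nginx.conf  # delete empty lines
[[email protected] conf]# vim nginx.conf 
worker_processes  1;    # number of worker processes; keep it equal to the number of CPU cores on this host
events {     # events block; the I/O model nginx uses can also be selected here with "use" (epoll by default)
    worker_connections  1024;  # maximum number of connections (TCP connections) each worker process can handle
}
http {   # http block, i.e. the web-site section
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;   # zero-copy file transfer; enabled in the default nginx.conf
    keepalive_timeout  65;  # timeout for persistent (keep-alive) connections, in seconds
    server {   # virtual host block
        listen       80;   # port to listen on
        server_name  localhost;   # domain name served by this virtual host
        location / {   # location block: selects which configuration applies to which requested resource; "location /" is the root prefix and is the default match for any request no more specific location matches
            root   html;   # directory that holds the web pages; html is a relative path that resolves to the html directory under the nginx install prefix
            index  index.html index.htm;  # default index files to serve
        }
        error_page   500 502 503 504  /50x.html;  # when the status code is one of these, redirect to the given page
        location = /50x.html {  # the requested resource; = means exact match
            root   html;  # directory the file is served from
        }
    }
}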


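  • In the configuration file, braces {} divide the configuration into blocks (contexts), and the directives in a block apply only within that block. Directives outside any braces belong to the main (global) context and apply no matter what the client does. The most commonly used block is http{}, the web-site context. http{} contains server{} blocks, each of which is one virtual host, and each server{} contains location{} blocks, whose directives take effect only when a client requests the resource that the location matches.
  • The blocks are nested: directives in http{} apply to every server{} block and therefore to every location{} inside those servers, whereas directives set only inside a server{} apply to that server's location{} blocks and not to http{}.
  • Nesting order: main (global) -> http{} -> server{} -> location{}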


[[email protected] ~]# ln -s /usr/local/nginx/sbin/nginx  /usr/local/sbin/  # put the nginx command on the PATH
[[email protected] ~]# vim /usr/lib/systemd/system/nginx.service   # write the systemd unit file for Nginx

ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop

[[email protected] ~]# systemctl start nginx
[[email protected] ~]# netstat -anpt | grep nginx
tcp        0      0    *               LISTEN      3749/nginx: master  
[[email protected] ~]# echo "aaaa" > /usr/local/nginx/html/index.html  # create a test page
[[email protected] ~]# curl # request the local server

[[email protected] ~]# curl -v  # lines starting with > are the request, lines starting with < are the response
* About to connect() to port 80 (#0)
*   Trying
* Connected to ( port 80 (#0)
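> GET / HTTP/1.1     # in order: request method GET, requested resource /, protocol HTTP/1.1
> User-Agent: curl/7.29.0  # the client making the request, normally the browser and its version; here it is the curl tool we just ran
> Host:   # the destination IP being requested
> Accept: */*
< HTTP/1.1 200 OK    # in order: response protocol HTTP/1.1, status code 200 OK
< Server: nginx/1.18.0  # web server software and version that answered
< Date: Wed, 21 Apr 2021 16:24:36 GMT  # time of the response
< Content-Type: text/html  # type of the returned data
< Content-Length: 5  # size of the returned data in bytes
< Last-Modified: Wed, 21 Apr 2021 16:23:15 GMT # time the requested file was last modified on the server
< Connection: keep-alive  # connection mode; keep-alive means a persistent connection
< ETag: "60805173-5"
< Accept-Ranges: bytes
aaaa  # the response body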
* Connection #0 to host left intact

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf.bak 
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;



  • Required module: --with-http_stub_status_module

- Contexts of the main configuration file where it can be configured: server, location

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf  # add a new location to the server block
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        location /aaa {
            stub_status on;
            access_log off;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
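[[email protected] ~]# nginx -s reload  # reload nginx so the modified configuration takes effect
[[email protected] ~]# curl # request the local server at the location just configured for status monitoring
Active connections: 1   # current number of active connections
server accepts handled requests
 3 3 3 # in order: total TCP connections accepted, TCP connections handled, total requests; when the first two differ, accepts minus handled gives the number of failed (dropped) TCP connections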
Reading: 0 Writing: 1 Waiting: 0 
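
The counters above are easy to feed into monitoring. The following is an added example, not part of the original page: a Python parser for the stub_status text that also derives the dropped-connection count. The sample text is constructed from the output shown above, and the function name parse_stub_status is hypothetical.

```python
import re

# Constructed sample: the stub_status body shown above, without the annotations.
SAMPLE = """Active connections: 1
server accepts handled requests
 3 3 3
Reading: 0 Writing: 1 Waiting: 0
"""

_PATTERN = re.compile(
    r"Active connections:\s*(?P<active>\d+)\s*"
    r"server accepts handled requests\s*"
    r"(?P<accepts>\d+)\s+(?P<handled>\d+)\s+(?P<requests>\d+)\s*"
    r"Reading:\s*(?P<reading>\d+)\s*Writing:\s*(?P<writing>\d+)\s*"
    r"Waiting:\s*(?P<waiting>\d+)"
)


def parse_stub_status(text):
    """Return the stub_status counters as ints plus two derived values."""
    match = _PATTERN.search(text)
    if match is None:
        # An error page or a login prompt is not a status report.
        raise ValueError("not a stub_status response")
    stats = {name: int(value) for name, value in match.groupdict().items()}
    # accepts - handled: connections nginx accepted but then dropped,
    # for example because worker_connections was exhausted.
    stats["dropped"] = stats["accepts"] - stats["handled"]
    # Average number of requests per handled connection (keep-alive reuse).
    stats["requests_per_conn"] = (
        stats["requests"] / stats["handled"] if stats["handled"] else 0.0
    )
    return stats


if __name__ == "__main__":
    print(parse_stub_status(SAMPLE))
```
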


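  • Visit a software project's official site, for example the Nginx site, and you will see many directories whose packages download with a single click. The Nginx site is a download site.

- Note: by default Nginx does not allow listing a whole directory for download

- Contexts where it can be configured: http, server, location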

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            autoindex on;  # enable directory listing (download site)
        }
    }
}
[[email protected] ~]# cd /usr/local/nginx/html/ 
[[email protected] html]# nginx -t  # test that the nginx configuration syntax is correct
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] html]# systemctl restart nginx  # restart the service
[[email protected] html]# rm -rf index.html    # delete the original page
[[email protected] html]# mkdir aaa   # create two directories and upload one file
[[email protected] html]# mkdir bbb
[[email protected] html]# mv /root/nginx-1.18.0.tar.gz .
[[email protected] html]# ll
总用量 1024
-rw-r--r-- 1 root root     494 4月  21 23:51 50x.html
drwxr-xr-x 2 root root       6 4月  22 02:22 aaa
drwxr-xr-x 2 root root       6 4月  22 02:22 bbb
-rw-r--r-- 1 root root       5 4月  22 00:23 index.html
-rw-r--r-- 1 root root 1039530 4月  21 23:48 nginx-1.18.0.tar.gz




[[email protected] html]# vim /usr/local/nginx/conf/nginx.conf 
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            autoindex on;     # enable directory listing (download site)
            autoindex_exact_size off; # file size format: off shows sizes with a unit, on shows the exact size in bytes
        }
    }
}
[[email protected] html]# nginx -t  # test that the nginx configuration syntax is correct
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] html]# systemctl restart nginx  # restart the nginx service




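  • Modules used (installed with nginx by default):
limit_conn_module: limits the number of TCP connections a client of Nginx can have open at one time (per client, per IP address)
limit_req_module: limits the number of HTTP requests a client of Nginx can issue in a given time (per client, per IP address)
  • HTTP connection and request flow:
  • HTTP connections and requests
HTTP version    Connection behaviour
HTTP/1.0        A TCP connection cannot be reused
HTTP/1.1        A TCP connection can be reused for several requests in sequence
HTTP/2.0        A TCP connection can be reused, with multiplexing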


[[email protected] ~]# cd /usr/src/nginx-1.18.0/
[[email protected] nginx-1.18.0]# ll
总用量 764
drwxr-xr-x 6 1001 1001    326 4月  21 23:50 auto
-rw-r--r-- 1 1001 1001 302863 4月  21 2020 CHANGES
-rw-r--r-- 1 1001 1001 462213 4月  21 2020 CHANGES.ru
drwxr-xr-x 2 1001 1001    168 4月  21 23:50 conf
-rwxr-xr-x 1 1001 1001   2502 4月  21 2020 configure
drwxr-xr-x 4 1001 1001     72 4月  21 23:50 contrib
drwxr-xr-x 2 1001 1001     40 4月  21 23:50 html
-rw-r--r-- 1 1001 1001   1397 4月  21 2020 LICENSE
-rw-r--r-- 1 root root    376 4月  21 23:51 Makefile
drwxr-xr-x 2 1001 1001     21 4月  21 23:50 man
drwxr-xr-x 3 root root    174 4月  21 23:51 objs
-rw-r--r-- 1 1001 1001     49 4月  21 2020 README
drwxr-xr-x 9 1001 1001     91 4月  21 23:50 src
[[email protected] nginx-1.18.0]# cat auto/options  | grep "HTTP_LIMIT_CONN=YES"  # check that the module is present
[[email protected] nginx-1.18.0]# cat auto/options  | grep "HTTP_LIMIT_REQ=YES"  # check that the module is present

[[email protected] nginx-1.18.0]# vim /usr/local/nginx/conf/nginx.conf  # edit the configuration file
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    limit_conn_zone $binary_remote_addr zone=conn_zone:10m;  # shared-memory zone conn_zone (10 MB) that tracks connections per client IP
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            limit_conn conn_zone 1;  # allow only one connection per client IP at any one time
        }
    }
}
[[email protected] nginx-1.18.0]# yum -y install httpd-tools  # install the ab load-testing tool
[[email protected] nginx-1.18.0]# cd
[[email protected] ~]# cd /usr/local/nginx/html/
[[email protected] html]# ll
总用量 1020
-rw-r--r-- 1 root root     494 4月  21 23:51 50x.html
drwxr-xr-x 2 root root       6 4月  22 02:22 aaa
drwxr-xr-x 2 root root       6 4月  22 02:22 bbb
-rw-r--r-- 1 root root 1039530 4月  21 23:48 nginx-1.18.0.tar.gz
[[email protected] html]# echo "1111" > index.html
[[email protected] html]# curl
[[email protected] html]# systemctl restart nginx

[[email protected] html]# vim /usr/local/nginx/conf/nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    limit_req_zone $binary_remote_addr zone=req_zone:10m rate=30r/m;  # rate limit: at most 30 requests per minute per client IP
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            limit_req zone=req_zone;  # apply the req_zone zone defined above
        }
    }
}
[[email protected] html]# systemctl restart nginx
[[email protected] html]# ab -n200 -c20  # run the test
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking (be patient)
Completed 100 requests
Completed 200 requests
Finished 200 requests

Server Software:        nginx/1.18.0
Server Hostname:
Server Port:            80

Document Path:          /index.html
Document Length:        5 bytes

Concurrency Level:      20
Time taken for tests:   0.007 seconds
Complete requests:      200
Failed requests:        199   # 199 failures means the test worked: the limit is 30 requests per minute and the whole run took only 0.007 seconds, so just one request succeeded
   (Connect: 0, Receive: 0, Length: 199, Exceptions: 0)
Write errors:           0
Non-2xx responses:      199
Total transferred:      73665 bytes
HTML transferred:       39208 bytes
Requests per second:    29779.63 [#/sec] (mean)
Time per request:       0.672 [ms] (mean)
Time per request:       0.034 [ms] (mean, across all concurrent requests)
Transfer rate:          10711.51 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.1      0       1
Processing:     0    0   0.1      0       1
Waiting:        0    0   0.1      0       0
Total:          0    1   0.1      1       1

Percentage of the requests served within a certain time (ms)
  50%      1
  66%      1
  75%      1
  80%      1
  90%      1
  95%      1
  98%      1
  99%      1
 100%      1 (longest request)
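
Why exactly one of the 200 requests got through: the following added example (not from the original page) models the leaky-bucket accounting that limit_req keeps for one client IP, using the page's rate=30r/m and an ab-like run of 200 requests in 7 ms. It is a simplified model; the function names, the evenly spaced arrival times and the burst=5 comparison are assumptions that go beyond the configuration shown above.

```python
def parse_rate(rate):
    """Convert an nginx rate such as '30r/m' or '10r/s' to milli-requests per second."""
    count, unit = rate.split("r/")
    per_second = {"s": 1, "m": 60}[unit]
    return int(count) * 1000 // per_second


def simulate_limit_req(arrivals_ms, rate, burst=0):
    """Return (accepted, rejected) for one client key.

    Simplified model of limit_req with nodelay: "excess" is the bucket level in
    thousandths of a request; it drains at `rate` and each request adds 1000.
    A request is rejected when the level would exceed `burst`.
    """
    rate_milli = parse_rate(rate)
    burst_milli = burst * 1000
    excess = None          # None: this client is not in the zone yet
    last = 0
    accepted = rejected = 0
    for now in arrivals_ms:
        if excess is None:
            new_excess = 0                     # first request is always let through
        else:
            elapsed = max(now - last, 0)
            new_excess = max(excess - rate_milli * elapsed // 1000 + 1000, 0)
        if new_excess > burst_milli:
            rejected += 1                      # state is not updated on rejection
            continue
        excess, last = new_excess, now
        accepted += 1
    return accepted, rejected


# Constructed input: 200 arrivals spread evenly over 7 ms, like the ab run above.
AB_RUN = [i * 7 // 200 for i in range(200)]

if __name__ == "__main__":
    print(simulate_limit_req(AB_RUN, "30r/m"))                 # the page's configuration
    print(simulate_limit_req(AB_RUN, "30r/m", burst=5))        # same rate with burst=5
    print(simulate_limit_req(range(0, 20000, 2000), "30r/m"))  # one request every 2 s
```

Rejected requests receive the status set by limit_req_status (503 by default), which is what ab reports under "Non-2xx responses".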




  • Modules used:
http_access_module: access control based on IP address
http_auth_basic_module: access control based on user login authentication
  • Contexts where they can be configured: http, server, location, limit_except
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index index.html;
            deny;  # deny the 100.230 address
            allow all;             # allow everyone else
        }
    }
}
[[email protected] ~]# systemctl restart nginx
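
The order of the deny and allow lines matters, because nginx checks the rules in sequence and stops at the first match. The following added example (not from the original page) evaluates a rule list the same way. The address 192.0.2.230 is a constructed placeholder for the denied host, and the function and constant names are hypothetical.

```python
import ipaddress


def access_decision(rules, client_ip):
    """Evaluate nginx allow/deny rules in order; the first matching rule wins.

    `rules` is a list of (action, target) pairs, where target is "all",
    a single address or a CIDR network. With no match, access is allowed,
    as when a location has no allow/deny directives at all.
    """
    client = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action: {action}")
        if target == "all":
            return action
        network = ipaddress.ip_network(target, strict=False)
        if client.version == network.version and client in network:
            return action
    return "allow"


# Constructed rule sets; 192.0.2.230 is a placeholder for the blocked host.
BLOCK_ONE_HOST = [("deny", "192.0.2.230"), ("allow", "all")]   # order used on this page
WRONG_ORDER = [("allow", "all"), ("deny", "192.0.2.230")]      # deny is never reached
ALLOW_LIST = [("allow", "127.0.0.1"), ("allow", "192.0.2.0/24"), ("deny", "all")]

if __name__ == "__main__":
    for name, rules in [("block one host", BLOCK_ONE_HOST),
                        ("wrong order", WRONG_ORDER),
                        ("allow list", ALLOW_LIST)]:
        for ip in ("192.0.2.230", "198.51.100.7"):
            print(f"{name:15} {ip:15} -> {access_decision(rules, ip)}")
```

An allow list that ends in deny all, like ALLOW_LIST, is the usual way to restrict a location such as the stub_status page configured earlier to monitoring hosts only.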





[[email protected] ~]# htpasswd -c /usr/local/nginx/conf/auth_conf rzy
New password: 
Re-type new password: 
Adding password for user rzy
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index index.html;
            auth_basic "请输入你的用户名和密码";
            auth_basic_user_file /usr/local/nginx/conf/auth_conf;
        }
    }
}
[[email protected] ~]# systemctl restart nginx




  • As with Apache, there are three kinds of virtual host: IP-based, port-based and name-based. Name-based hosts are used the most, so only name-based virtual hosts are shown here.
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf  # edit the configuration file
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  www.aaa.com;  # a different domain name for each server block
        location / {
            root   html/aaa;
            index index.html;
        }
    }
    server {
        listen       80;
        server_name  www.bbb.com;
        location / {
            root   html/bbb;
            index index.html;
        }
    }
}
[[email protected] ~]# cd /usr/local/nginx/html/
[[email protected] html]# mkdir aaa
[[email protected] html]# mkdir bbb
[[email protected] html]# echo "aaaaa" >aaa/index.html
[[email protected] html]# echo "bbbbb" >bbb/index.html
[[email protected] html]# systemctl restart nginx  # restart the service





