CentOS7 installation Reference documents
CentOS7 initialization installation tool after minimum installation
1: yum install net-tools Reference documents
2: Source installation wget Reference documents Or execute yum -y install wget
Steps for installing CentOS7 source code package
I: Nginx installation steps
1-1: source code download address http://nginx.org/en/download.html
Execute command: WGet wget http://nginx.org/download/nginx-1.21.3.tar.gz
1-2: unzip the downloaded file
Execute command: tar - zxvf {compressed file name}. tar.gz
1-3: configure to detect installation and dependency information
View the command documentation and execute:. / configure --help
Install the compiler first
Execute: sudo yum -y install gcc
Run:. / configure again to configure, as shown in the figure below:
It is detected that a dependent package is not installed. Install pcre according to the prompt
Execute the command: sudo Yum - y install PCRE devel
Execute:. / configure again As shown below:
Follow the prompts to continue installing dependent packages:
Execute the command: sudo Yum - y install zlib devel
Repeat. / configure until no dependency is detected, which indicates that the detection has passed, as shown in the following figure:
Detect and specify the installation path command:. / configure --prefix=/usr/local/nginx
, 
1-4: execute the make instruction: generate an executable file from the source code, and no error is allowed in the middle
1-5: make install
Execute the installation command: sudo make install
Test:
1: Enter: / usr/local/nginx execute: / sbin/nginx
2: enter in the browser: http://localhost
3: install a text browser and test yum -y install elinks
Nginx related directory files
nginx path prefix: / usr/local/nginx (Nginx installation directory)
nginx binary file: / usr/local/nginx/sbin/nginx (nginx startup directory)
Nginx modules path: / usr/local/nginx/modules (nginx related module directory)
nginx configuration prefix: / usr/local/nginx/conf (nginx configuration file directory)
nginx configuration file: / usr/local/nginx/conf/nginx.con (nginx startup configuration file)
nginx pid file: / usr/local/nginx/logs/nginx.pid (nginx process number)
Nginx error log file: / usr/local/nginx/logs/error.log: (nginx error log file)
nginx http access log file: / usr/local/nginx/logs/access.log
Turn off the firewall first (the test needs to be accessed from the LAN)
setenforce 0
systemctl stop firewalld
systemctl disable firewalld
Add Nginx to environment variable
Link nginx to / usr/local/sbin using soft connection
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin || /usr/local/sbin/ | grep "nginx"
Displays the current environment variable PATH
echo $PATH
Edit.bash_profile file
vim ~/.bash_profile
In. Bash_ Add the following at the end of the profile file
export PATH=$PATH:/usr/local/nginx/sbin
Reference.bash_profile file
source ~/.bash_profile
Using the nginx command
# start nginx
nginx
# stop nginx
nginx -s quit
nginx partial configuration
# Start the default program for this program #user nobody; # One main process and multiple work processes. This defines the number of main processes worker_processes 4; # Location and format of global error log #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { # Maximum concurrency per worker process worker_connections 1024; } # http service settings http { include mime.types; default_type application/octet-stream; # Log format #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; # access_log logs/access.log main; # Global log path # $remote_addr and $http_x_forwarded_for is used to record the client ip address # $remote_user: record client name # $time_local: record access time and time zone # $request: record access status 200 succeeded # $body_ bytes_ Send: record the size of the body content of the file sent to the client # $http_referer: record which page link you accessed from # $http_user_agent: record client browser related information # The sendpie instruction specifies whether nginx calls the sendfile function (zero copy mode) to output the file sendfile on; # Allow or disable TCP using socke_ The option of cork is only used when sendfile is used #tcp_nopush on; # Long connection timeout #keepalive_timeout 0; keepalive_timeout 65; # Turn on compression #gzip on; # Default web site configuration virtual host server { # Port used by virtual host listen 80; # Host domain name server_name localhost; # Supported character sets charset utf-8; #Access log path #access_log logs/host.access.log main; # Define web root path location / { # Root directory path root html; # Index page index index.html index.htm; } # Access control directory location /a { # allow access to allow 127.0.0.0; # not allow deny all; # return 404; return http://www.baidu.com; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # Return to the corresponding page according to the error code error_page 500 502 503 504 /50x.html; # location = /50x.html { root html; } } }
If the configuration file is modified, first enter the nginx Directory: cd /usr/local/nginx, and then execute:. / SBIN / nginx - G. / conf / nginx.conf to check whether the configuration file is correct
Modify the configuration and restart nginx mode 1:
Execute first: kill nginx
Executing: cd /usr/local/nginx. / sbin/nginx
Modify the configuration and restart nginx mode 1:
Kill - s HUP nginx (reload configuration file)
nginx access directory configuration
Note: location in the access control directory / a {} the location value here is the root path in the web root path
# Define web root path location / { # Root directory path root html; # Index page index index.html index.htm; } # Access control directory location /a { # allow access to allow 127.0.0.0; # not allow deny all; # return 404; return http://www.baidu.com; }
Nginx log management
The Nginx access log is mainly controlled by two parameters
1: log_format is used to define the log format. You can define multiple log formats and take different names
2: access_log is used to specify the log file path and the log format used to record logs
log_format variable:
# access_log logs/access.log main; # Global log path
# $remote_addr and $http_x_forwarded_for is used to record the client ip address
` # $ remote_user: record client name
# $time_local: record access time and time zone
# $request: record access status 200 succeeded
# $body_ bytes_ Send: record the size of the body content of the file sent to the client
# $http_referer: record which page link you accessed from
# $http_user_agent: record client browser related information
The custom format is json format:
# Custom log format # log_format default_fmt '[$time_local] $remote_addr "$request"' # Custom json log format log_format default_fmt_json '{"@timestamp":"$time_local",' '"client_ip":"$remote_addr",' '"request":"$request",' '"status":"$status",' '"bytes":"$body_bytes_sent",' '"x_forwarded":"$http_x_forwarded_for",' '"referer":"$http_referer"' '}';
The test results of the two formats are as follows:
Nginx picture anti-theft chain
# Anti theft chain (for b catalog only) # location /b { # The following file suffixes in the project location ~* \.(png|gif|bmp|jpg|jpeg)$ { valid_referers none blocked *.ticp.net; if ($invalid_referer){ return 403; } }
Nginx virtual host
A web server software can only publish one web by default, because three conditions (IP, Port, Domain name) are required for sharing a web
Virtual host is to divide a physical server into multiple virtual servers. Each virtual host can have an independent domain name and an independent directory.
1: IP based virtual host
Preparation:
1: prepare two websites under the nginx root directory, such as:
/usr/local/nginx/html/web1/index.html
/usr/local/nginx/html/web1/index.html
2: add a sub IP, and use the logical network card to add a self network card
Add network card: ifconfig ens33:1 192.168.0.131/24 up
Delete network card: ifconfig ens33:1 down
IP based virtual host nginx configuration information (/ usr/local/nginx/conf/nginx.conf)
user centos; worker_processes 4; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format default_fmt_json '{"@timestamp":"$time_local",' '"client_ip":"$remote_addr",' '"request":"$request",' '"status":"$status",' '"bytes":"$body_bytes_sent",' '"x_forwarded":"$http_x_forwarded_for",' '"referer":"$http_referer"' '}'; sendfile on; keepalive_timeout 65; server { listen 192.168.0.130:80; server_name localhost; charset utf-8; access_log logs/host.access.log default_fmt_json; location / { root html/web1; index index.html index.htm; } } server { listen 192.168.0.131:80; server_name localhost; charset utf-8; access_log logs/host.access.log default_fmt_json; location / { root html/web2; index index.html index.htm; } } }
Restart nginx test (first: kill nginx,.. / sbin/nginx)
2: port based virtual host (just modify the configuration)
user centos; worker_processes 4; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format default_fmt_json '{"@timestamp":"$time_local",' '"client_ip":"$remote_addr",' '"request":"$request",' '"status":"$status",' '"bytes":"$body_bytes_sent",' '"x_forwarded":"$http_x_forwarded_for",' '"referer":"$http_referer"' '}'; sendfile on; keepalive_timeout 65; server { listen 80; #server_name localhost; charset utf-8; access_log logs/host.access.log default_fmt_json; location / { root html/web1; index index.html index.htm; } } server { listen 8080; #server_name localhost; charset utf-8; access_log logs/host.access.log default_fmt_json; location / { root html/web2; index index.html index.htm; } } }
Testing
3: domain name based virtual host profile
Nginx reverse proxy
The proxy server, when the client sends a request, it will not directly send it to the destination host, but first send it to the proxy server. After receiving the client's request, the proxy server sends it to the host and receives the data returned by the destination host, which is stored in the hard disk of the proxy server and sent to the client
Application scenario:
Fortress machine scene
Intranet server publishing scenario
Cache scene
Principle of proxy server:
Agent profile
user centos; worker_processes 4; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format default_fmt_json '{"@timestamp":"$time_local",' '"client_ip":"$remote_addr",' '"request":"$request",' '"status":"$status",' '"bytes":"$body_bytes_sent",' '"x_forwarded":"$http_x_forwarded_for",' '"referer":"$http_referer"' '}'; sendfile on; keepalive_timeout 65; server { listen 80; #server_name localhost; charset utf-8; access_log logs/host.access.log default_fmt_json; location / { proxy_pass http://wendj.ticp.net; } } }
Nginx speed limit
The official version of Nginx restricts the link and concurrency of IP. There are two modules respectively
limit_req_zone: used to limit the number of requests per unit time, that is, the speed limit.
limit_req_conn: used to limit the number of connections at the same time, that is, concurrency limit.
URL rewriting in Nginx
Rewrite Module (ngx_http_rewrite_module)
The Rewrite function is an important function provided by the Nginx server. Almost all web products have the necessary skills for URL rewriting. URL rewriting is a very common function. For example, after we change the website structure, it does not need the client to modify the original bookmark, nor does it need other websites to absorb the friendly links to my website. It can also improve the website security to a certain extent.
The Rewrite function of Nginx server depends on PCRE (Perl compatible regular expression)
Nginx optimization
Nginx is the main process + work process model
worker_processes 1: the number of work processes, adjusted by the total core of the CPU
worker_cpu_affinity 0001 0100 1000: CPU affinity
worker_connections 1024: the number of concurrent connections of a worker process
View the CPU core instruction: cat /proc/cpuinfo |grep "flags"|wc -l
Count the number of nginx connections: netstat -antpl|grep nginx|grep ESTABLISHED|wc -l
Nginx long connection
http protocol belongs to TCP protocol
Optimization goal: reduce the number of three handshakes and four waves
keepalive_timeout 5: long connection time
keepalive_requests 8192: maximum number of requests per long connection
Nginx data compression
gzip on; # turn on compression
gzip_proxied any; # compress at any time
gzip_min_length 1k; # enable compression of minimum files. Files smaller than the setting will not be compressed
gzip_buffers 4 8k; # compressed cache size
gzip_comp_level 6; # compression level 1-9 the larger the number, the better the compression and the more CPU time it takes
gzip_types text/plain text/css application/x-javascript application/javascript application/xml; # compressed file type
Nginx client cache
location ~* \.(png|gif|jpg|jpeg)${
expires 1h;
}