CentOS7 source code installs Nginx and basic management settings of Nginx

CentOS7 installation Reference documents

CentOS7 initialization installation tool after minimum installation

  1: yum install net-tools Reference documents

        2: Source installation wget Reference documents   Or execute yum -y install wget

 

Steps for installing CentOS7 source code package

I: Nginx installation steps

1-1: source code download address   http://nginx.org/en/download.html

Execute command: WGet   wget http://nginx.org/download/nginx-1.21.3.tar.gz

1-2: unzip the downloaded file  

Execute command: tar   - zxvf     {compressed file name}. tar.gz

1-3: configure to detect installation and dependency information

View the command documentation and execute:. / configure --help

      

 

  Install the compiler first

Execute: sudo yum -y install gcc

Run:. / configure again to configure, as shown in the figure below:

      

 

  It is detected that a dependent package is not installed. Install pcre according to the prompt

Execute the command: sudo Yum - y install PCRE devel

Execute:. / configure again   As shown below:

      

 

  Follow the prompts to continue installing dependent packages:

Execute the command: sudo Yum - y install zlib devel

Repeat. / configure until no dependency is detected, which indicates that the detection has passed, as shown in the following figure:

     

 

   Detect and specify the installation path command:. / configure --prefix=/usr/local/nginx

,    

 

  1-4: execute the make instruction: generate an executable file from the source code, and no error is allowed in the middle

      

 

 

1-5: make install

Execute the installation command: sudo make install

    

  Test:

  1: Enter: / usr/local/nginx execute: / sbin/nginx

2: enter in the browser: http://localhost

3: install a text browser and test yum -y install elinks

      

   

Nginx related directory files

nginx path prefix: / usr/local/nginx (Nginx installation directory)

nginx binary file: / usr/local/nginx/sbin/nginx (nginx startup directory)

Nginx modules path: / usr/local/nginx/modules (nginx related module directory)

nginx configuration prefix: / usr/local/nginx/conf (nginx configuration file directory)  

nginx configuration file: / usr/local/nginx/conf/nginx.con (nginx startup configuration file)

nginx pid file: / usr/local/nginx/logs/nginx.pid (nginx process number)

Nginx error log file: / usr/local/nginx/logs/error.log: (nginx error log file)

nginx http access log file: / usr/local/nginx/logs/access.log

   

Turn off the firewall first (the test needs to be accessed from the LAN)

    setenforce 0
    systemctl stop firewalld
    systemctl disable firewalld

 

        Add Nginx to environment variable

Link nginx to / usr/local/sbin using soft connection

    ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin || /usr/local/sbin/ | grep "nginx" 

               

Displays the current environment variable PATH

      echo $PATH

Edit.bash_profile file

      vim ~/.bash_profile

In. Bash_ Add the following at the end of the profile file

      export PATH=$PATH:/usr/local/nginx/sbin

    

Reference.bash_profile file

      source ~/.bash_profile

Using the nginx command

# start nginx

      nginx

# stop nginx

      nginx -s quit

  

nginx partial configuration

# Start the default program for this program
#user  nobody;
# One main process and multiple work processes. This defines the number of main processes
worker_processes  4;

# Location and format of global error log
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Maximum concurrency per worker process
    worker_connections  1024;
}

# http service settings
http {
    include       mime.types;
    default_type  application/octet-stream;
    
    # Log format
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # access_log  logs/access.log  main; # Global log path
    # $remote_addr and $http_x_forwarded_for is used to record the client ip address
    # $remote_user: record client name
    # $time_local: record access time and time zone
    # $request: record access status 200 succeeded
    # $body_ bytes_ Send: record the size of the body content of the file sent to the client
    # $http_referer: record which page link you accessed from
    # $http_user_agent: record client browser related information

    # The sendpie instruction specifies whether nginx calls the sendfile function (zero copy mode) to output the file
    sendfile        on;
    # Allow or disable TCP using socke_ The option of cork is only used when sendfile is used
    #tcp_nopush     on;
    # Long connection timeout
    #keepalive_timeout  0;
    keepalive_timeout  65;
    # Turn on compression
    #gzip  on;
    # Default web site configuration virtual host
    server {
    # Port used by virtual host
        listen       80;
    # Host domain name
        server_name  localhost;
    # Supported character sets
        charset utf-8;
        #Access log path
        #access_log  logs/host.access.log  main;
    # Define web root path
        location / {
        # Root directory path
            root   html;
        # Index page
            index  index.html index.htm;
        }

    # Access control directory
    location /a {
        # allow access to
        allow  127.0.0.0;
        # not allow
        deny  all;
        # return 404;
        return  http://www.baidu.com;
    }    
        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        # Return to the corresponding page according to the error code
        error_page   500 502 503 504  /50x.html;
        # 
    location = /50x.html {
            root   html;
        }

    }
}

  

If the configuration file is modified, first enter the nginx Directory: cd /usr/local/nginx, and then execute:. / SBIN / nginx - G. / conf / nginx.conf to check whether the configuration file is correct

Modify the configuration and restart nginx mode 1:

Execute first: kill nginx

Executing: cd /usr/local/nginx. / sbin/nginx

Modify the configuration and restart nginx mode 1:

Kill - s HUP nginx (reload configuration file)

nginx access directory configuration

Note: location in the access control directory / a {} the location value here is the root path in the web root path

    # Define web root path
        location / {
        # Root directory path
            root   html;
        # Index page
            index  index.html index.htm;
        }

    # Access control directory
    location /a {
        # allow access to
        allow  127.0.0.0;
        # not allow
        deny  all;
        # return 404;
        return  http://www.baidu.com;
    }    

  Nginx log management

The Nginx access log is mainly controlled by two parameters

    1: log_format is used to define the log format. You can define multiple log formats and take different names

    2: access_log is used to specify the log file path and the log format used to record logs

   

  log_format variable:

    # access_log logs/access.log main; # Global log path

    # $remote_addr and $http_x_forwarded_for is used to record the client ip address

  `    # $ remote_user: record client name
    # $time_local: record access time and time zone
# $request: record access status 200 succeeded
    # $body_ bytes_ Send: record the size of the body content of the file sent to the client
    # $http_referer: record which page link you accessed from
    # $http_user_agent: record client browser related information

   

 

  The custom format is json format:

   # Custom log format
    # log_format default_fmt '[$time_local] $remote_addr "$request"'
    # Custom json log format
    log_format default_fmt_json '{"@timestamp":"$time_local",'
                                '"client_ip":"$remote_addr",'
                                '"request":"$request",'
                                '"status":"$status",'
                                '"bytes":"$body_bytes_sent",'
                                '"x_forwarded":"$http_x_forwarded_for",'
                                '"referer":"$http_referer"'
                                '}';

The test results of the two formats are as follows:

    

 

Nginx picture anti-theft chain

   

        # Anti theft chain (for b catalog only)
        # location /b {
        # The following file suffixes in the project
        location ~* \.(png|gif|bmp|jpg|jpeg)$ {
        valid_referers none blocked *.ticp.net;
        if ($invalid_referer){
                return 403;
        }
        }

 

Nginx virtual host

A web server software can only publish one web by default, because three conditions (IP, Port, Domain name) are required for sharing a web

Virtual host is to divide a physical server into multiple virtual servers. Each virtual host can have an independent domain name and an independent directory.

    

 

 

1: IP based virtual host

Preparation:

1: prepare two websites under the nginx root directory, such as:

        /usr/local/nginx/html/web1/index.html

        /usr/local/nginx/html/web1/index.html

2: add a sub IP, and use the logical network card to add a self network card

Add network card: ifconfig ens33:1 192.168.0.131/24 up

Delete network card: ifconfig ens33:1 down

      

 

  IP based virtual host nginx configuration information (/ usr/local/nginx/conf/nginx.conf)

    

user centos;
worker_processes  4;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    
    log_format default_fmt_json '{"@timestamp":"$time_local",'
                    '"client_ip":"$remote_addr",'
                '"request":"$request",'
                '"status":"$status",'
                '"bytes":"$body_bytes_sent",'
                '"x_forwarded":"$http_x_forwarded_for",'
                '"referer":"$http_referer"'
                '}';    
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       192.168.0.130:80;
        server_name  localhost;
        charset utf-8;
        access_log  logs/host.access.log  default_fmt_json;
        location / {
            root   html/web1;
            index  index.html index.htm;
        }
    }
    server {
        listen       192.168.0.131:80;
        server_name  localhost;
        charset utf-8;
        access_log  logs/host.access.log  default_fmt_json;
        location / {
            root   html/web2;
            index  index.html index.htm;
        }
    }
}

Restart nginx test (first: kill nginx,.. / sbin/nginx)

   

 

 

  

 

  2: port based virtual host (just modify the configuration)

user centos;
worker_processes  4;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    
    log_format default_fmt_json '{"@timestamp":"$time_local",'
                    '"client_ip":"$remote_addr",'
                '"request":"$request",'
                '"status":"$status",'
                '"bytes":"$body_bytes_sent",'
                '"x_forwarded":"$http_x_forwarded_for",'
                '"referer":"$http_referer"'
                '}';    
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        #server_name  localhost;
        charset utf-8;
        access_log  logs/host.access.log  default_fmt_json;
        location / {
            root   html/web1;
            index  index.html index.htm;
        }
    }
    server {
        listen       8080;
        #server_name  localhost;
        charset utf-8;
        access_log  logs/host.access.log  default_fmt_json;
        location / {
            root   html/web2;
            index  index.html index.htm;
        }
    }
}

    

 

  Testing

    

 

  3: domain name based virtual host profile

    

 

Nginx reverse proxy

The proxy server, when the client sends a request, it will not directly send it to the destination host, but first send it to the proxy server. After receiving the client's request, the proxy server sends it to the host and receives the data returned by the destination host, which is stored in the hard disk of the proxy server and sent to the client

    

 

 

Application scenario:

Fortress machine scene

Intranet server publishing scenario

Cache scene

        

 

 

        

    

Principle of proxy server:

           

 

  Agent profile

user centos;
worker_processes  4;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    
    log_format default_fmt_json '{"@timestamp":"$time_local",'
                    '"client_ip":"$remote_addr",'
                '"request":"$request",'
                '"status":"$status",'
                '"bytes":"$body_bytes_sent",'
                '"x_forwarded":"$http_x_forwarded_for",'
                '"referer":"$http_referer"'
                '}';    
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        #server_name  localhost;
        charset utf-8;
        access_log  logs/host.access.log  default_fmt_json;
        location / {
            proxy_pass http://wendj.ticp.net;
        }
    }
}

    

Nginx speed limit

The official version of Nginx restricts the link and concurrency of IP. There are two modules respectively

        limit_req_zone: used to limit the number of requests per unit time, that is, the speed limit.

        limit_req_conn: used to limit the number of connections at the same time, that is, concurrency limit.

         

 

  URL rewriting in Nginx

Rewrite Module (ngx_http_rewrite_module)

The Rewrite function is an important function provided by the Nginx server. Almost all web products have the necessary skills for URL rewriting. URL rewriting is a very common function. For example, after we change the website structure, it does not need the client to modify the original bookmark, nor does it need other websites to absorb the friendly links to my website. It can also improve the website security to a certain extent.

The Rewrite function of Nginx server depends on PCRE (Perl compatible regular expression)

      

Nginx optimization

Nginx is the main process + work process model

    worker_processes 1: the number of work processes, adjusted by the total core of the CPU

    worker_cpu_affinity 0001 0100 1000: CPU affinity

    worker_connections 1024: the number of concurrent connections of a worker process

View the CPU core instruction: cat /proc/cpuinfo |grep "flags"|wc -l

    

 

  Count the number of nginx connections: netstat -antpl|grep nginx|grep ESTABLISHED|wc -l

   

Nginx long connection

http protocol belongs to TCP protocol

Optimization goal: reduce the number of three handshakes and four waves

     keepalive_timeout 5: long connection time

     keepalive_requests 8192: maximum number of requests per long connection

    Nginx data compression

     gzip on; # turn on compression

     gzip_proxied any; # compress at any time

     gzip_min_length 1k; # enable compression of minimum files. Files smaller than the setting will not be compressed

         gzip_buffers 4 8k; # compressed cache size

     gzip_comp_level 6; # compression level 1-9 the larger the number, the better the compression and the more CPU time it takes

     gzip_types text/plain text/css application/x-javascript application/javascript application/xml; # compressed file type

Nginx client cache

     location ~* \.(png|gif|jpg|jpeg)${

     expires 1h;

     }

  

  Nginx reference articles

 

  

Tags: Python Linux CentOS

Posted on Sun, 31 Oct 2021 20:36:18 -0400 by jacinthe