catalogue
3. Comparison between Nginx and Apache
1. Unzip the source package to / opt and view it
2. Install the environment component package required for compilation
3, Establish program user nginx and compile nginx
4. Compilation and installation
5. Optimize nginx startup scripts for system identification
6. Start, reconfigure, stop Nginx
7. The Nginx service control file uses the systemctl tool
two point one Authorization based access control
two point two Client based access control
1. Domain name based Nginx virtual host
3. Based on different IP access
preface
With the vigorous development of computer and Internet technology, various Web sites have become the backbone directly facing users. Among all kinds of Web server software, in addition to Apache, there is a lightweight HTTP server software - Nginx. Its stability and efficiency are gradually recognized by more and more users. This blog will build a Nginx Web server and configure a domain name based virtual Web host.
1, About Nginx
1. Overview
Nginx is developed by Igor Sysoev of Russia for performance optimization. Its most famous advantages are its stability, low system resource consumption and high processing capacity for HTTP concurrent connections (a single physical server can support 30) 000~50 000 concurrent requests). Because of this, a large number of enterprises providing services such as social networks, news and information, e-commerce and virtual hosts have chosen nginx to provide Web services.
2. Advantages
- High stability
- Low system resource consumption
- High processing capacity for HTTP concurrent connections
- A single physical server can support 30000 ~ 50000 concurrent requests
3. Comparison between Nginx and Apache
- Nginx is an event based Web server, and Apache is a process based server
- All requests from Nginx are processed by a single thread, and Apache processes a single request by a single thread
- Nginx avoids the concept of subprocesses, and Apache is based on subprocesses
- Nginx is better in memory consumption and connection, while Apache is generally better in memory consumption and connection
- The performance and scalability of Nginx do not depend on hardware, and Apache depends on hardware such as CPU and memory
- Nginx supports hot deployment, while Apache does not
- Nginx is more efficient for static file processing, and Apache is relatively general
- Nginx has obvious advantages in the reverse proxy scenario, and Apache is relatively general
2, Install Nginx service
1. Unzip the source package to / opt and view it
[root@localhost ~]# cd /mnt ##Switch to the mount point directory [root@localhost mnt]# ls apr-1.6.2.tar.gz Discuz_X2.5_SC_UTF8.zip LAMP-php5.6.txt apr-util-1.6.0.tar.gz error.png mysql-5.6.26.tar.gz awstats-7.6.tar.gz httpd-2.4.29.tar.bz2 nginx-1.12.0.tar.gz cronolog-1.6.2-14.el7.x86_64.rpm kali.jpg php-5.6.11.tar.bz2 [root@localhost mnt]# tar zxvf nginx-1.12.0.tar.gz -C /opt ##Unzip the Nginx source package to / opt [root@localhost mnt]# cd /opt/ ##Switch to the extracted directory [root@localhost opt]# ls nginx-1.12.0 rh
2. Install the environment component package required for compilation
[root@localhost opt]# yum -y install \ gcc \ //c language gcc-c++ \ //c + + language pcre-devel \ //pcre language tools zlib-devel //Function library for data compression
3, Establish program user nginx and compile nginx
[root@localhost opt]# useradd -M -s /sbin/nologin nginx ##Establish program user, secure and unable to log in [root@localhost opt]# id nginx uid=1001(nginx) gid=1001(nginx) group=1001(nginx) [root@localhost opt]# cd nginx-1.12.0/ ##Switch to nginx directory [root@localhost nginx-1.12.0]# ./configure \ ##Configure nginx > --prefix=/usr/local/nginx \ ##Installation path > --user=nginx \ ##user name > --group=nginx \ ##User group > --with-http_stub_status_module ##Status statistics module
4. Compilation and installation
make -j3 && make install
5. Optimize nginx startup scripts for system identification
[root@localhost nginx]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ ##Establish a soft link to let the system recognize the nginx startup script [root@localhost nginx]# nginx -t ##Check the syntax of the configuration file nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@localhost nginx]# nginx ##Turn on ngnix [root@localhost nginx]# systemctl stop firewalld.service ##Turn off firewall [root@localhost nginx]# setenforce 0
6. Start, reconfigure, stop Nginx
[root@localhost nginx-1.15.9]# nginx ## Start Nginx [root@localhost nginx-1.15.9]# netstat -anpt |grep nginx ## Filtering Nginx processes [root@localhost ~]# yum -y install psmisc ###Minimum installation no killall orders need to be installed [root@localhost ~]# killall -s HUP nginx ## Reload Nginx configuration file (equivalent to refresh) [root@localhost ~]# killall -s QUIT nginx ## Exit Nginx
7. The Nginx service control file uses the systemctl tool
[root@localhost ~]# vi /lib/systemd/system/nginx.service [Unit] Description=nginx ###describe After=network.target ####Describe service category [Service] Type=forking ###Background operation mode PIDFile=/usr/local/nginx/logs/nginx.pid ###PID file location ExecStart=/usr/local/nginx/sbin/nginx ###Start service ExecReload=/usr/bin/kill -s HUP $MAINPID ###According to PID overload configuration ExecStop=/usr/bin/kill -s QUIT $MAINPID ###Terminate process according to PID PrivateTmp=true [Install] WantedBy=multi-user.target ==>> wq preservation [root@localhost ~]# chmod 754 /lib/systemd/system/nginx.service [root@localhost ~]# systemctl enable nginx.service [root@localhost ~]# systemctl start nginx ## So we can start Nginx in this way
8. Testing
2, Nginx access control
1. Access status statistics
Nginx has built-in http_ STUB_ The status statistics module is used to feed back the current Web access. When configuring compilation parameters, you can add - with HTTP_STUB_STATUS_ Module to enable this module support
You can use the command / usr/local/nginx/sbin/nginx-V to see if the installed Nginx contains HTTP_STUB_STATUS module.
To use the state statistics function of Nginx, in addition to enabling the built-in module, you also need to modify the nginx.conf configuration file, specify the access location and add a stub_status configuration code.
vim /usr/local/nginx/conf/nginx.conf //Add stub_status configuration location /status { //The access location is / status stub_status on; //Turn on the status statistics function access_log off; //Turn off logging at this location }
Restart the service and access the test
nginx -t systemctl restart nginx.service netstat -natp | grep 80
2. Access control
two point one Authorization based access control
- Install httpd tools first
[root@localhost ~]# yum -y install httpd-tools
- Create user test and set password 12345
[root@localhost ~]# htpasswd -c /usr/local/nginx/.passwd.db test New password: Re-type new password: Adding password for user test
- Modify file permissions
[root@localhost ~]# chmod 400 /usr/local/nginx/.passwd.db ## The permission to modify the password file is 400 [root@localhost ~]# chown nginx /usr/local/nginx/.passwd.db Change owner to nginx ,set up nginx The running user can read
- View the file where the user name and password are stored
[root@localhost ~]# cd /usr/local/nginx/ [root@localhost nginx]# cat .passwd.db ##View the file where the user name and password are stored test:$apr1$vHVaACQT$i1sRjEd2M59E4EJfpxliA.
- Modify the configuration file and add authentication configuration
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf ##Modify profile add to auth_basic "secret"; auth_basic_user_file /usr/local/nginx/.passwd.db; ==>> wq preservation [root@localhost ~]# nginx -t ##Detection syntax nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@localhost ~]# killall -s HUP nginx ## Restart service
two point two Client based access control
- Determine whether to allow access to the page through the client IP address
- Configuration rules
■ deny lP/IP segment: deny client access to an IP or IP segment
■ allow IP/IP segment: allow client access to an IP or IP segment
■ the rules are executed from top to bottom. If they are matched, they will stop and no longer match from bottom to top
Modify master profile
vim /usr/local/nginx/conf/nginx.conf 43 location / { 44 auth_basic "secret"; //Lines 44 and 45 are deleted 45 auth_basic_user_file /usr/local/nginx/passwd.db; 46 root html; 47 index index.html index.htm; 48 deny 192.168.41.160; //Increase the IP address of the access denied client 49 allow all; //Add allow other IP clients to access 50 }
Restart the service and access the test
nginx -t systemctl restart nginx
3, Nginx virtual host
1. Domain name based Nginx virtual host
- Add two domain names, both of which point to the same server IP address, to enable different domain names to access different virtual hosts
vim /etc/hosts 192.168.41.140 www.520.com www.accp.com www.benet.com //Add two domain names later
Preparing web documents for virtual hosts
mkdir -p /var/www/html/accp //Create the root directory of www.accp.com mkdir -p /var/www/html/benet //Create the root directory of www.benet.com echo "<h1> www.accp.com<h1>" >/var/www/html/accp/index.html echo "<h1> www.benet.com<h1>" >/var/www/html/benet/index.html
Modify the configuration file of Nginx
35 server { 36 listen 80; 37 server_name www.accp.com; //Set the domain name www.acc0.com 38 charset utf-8; 39 access_log logs/accp.access.log; //Set log name 40 location / { 41 root /var/www/html/accp/; //Set the working directory of www.accp.com 42 index index.html index.htm; 43 } 44 error_page 500 502 503 504 /50x.html; 45 location = /50x.html { 46 root html; 47 } 48 } 49 50 server { 51 listen 80; 52 server_name www.benet.com; 53 charset utf-8; 54 access_log logs/benet.access.log; 55 location / { 56 root /var/www/html/benet/; 57 index index.html index.htm; 58 } 59 error_page 500 502 503 504 /50x.html; 60 location = /50x.html { 61 root html; 62 } 63 }
Restart the service and access the test
nginx -t
2. Port based virtual machine
Create a web page file on port 8080
mkdir -p /var/www/html/ll8080 echo "<h1> www.ll8080.com </h1>" > /var/www/html/ll8080/index.html
Modify the nginx main configuration file, and only modify the listening port
35 server { //Original accp configuration 36 listen 192.168.41.140:80; //Point to listening port 37 server_name www.accp.com; 38 charset utf-8; 39 access_log logs/accp.access.log; 40 location / { 41 root /var/www/html/accp/; 42 index index.html index.htm; 43 } 44 error_page 500 502 503 504 /50x.html; 45 location = /50x.html { 46 root html; 47 } 48 } 49 50 server { //New accp configuration 51 listen 192.168.41.140:8080; //Point to port 8080 52 server_name www.accp.com; 53 charset utf-8; 54 access_log logs/accp8080.access.log; //For easy distinction, specify to generate different logs 55 location / { 56 root /var/www/html/accp8080; //Site home page pointing to port 8080 57 index index.html index.htm; 58 } 59 error_page 500 502 503 504 /50x.html; 60 location = /50x.html { 61 root html; 62 } 63 }
3. Based on different IP access
Temporarily create a virtual network card
ifconfig ens33:0 192.168.41.100 netmask 255.255.255.255
Add mapping of 192.168.41.100
vim /etc/hosts 192.168.41.100 www.benet.com
Create a website root directory and a website home page file of 192.168.41.100 (index.html)
mkdir /var/www/html/benet100 echo "<h1> www.benet100.com </h1>" >>/var/www/html/benet100/index.html
Modify profile
35 server { 36 listen 192.168.41.140:80; 37 server_name www.accp.com; 38 charset utf-8; 39 access_log logs/accp.access.log; 40 location / { 41 root /var/www/html/accp/; 42 index index.html index.htm; 43 } 44 error_page 500 502 503 504 /50x.html; 45 location = /50x.html { 46 root html; 47 } 48 } 49 50 server { 51 listen 192.168.41.100:80; //The IP monitored by benet is modified to 100 52 server_name www.accp.com; 53 charset utf-8; 54 access_log logs/benet100.access.log; 55 location / { 56 root /var/www/html/benet100; 57 index index.html index.htm; 58 } 59 error_page 500 502 503 504 /50x.html; 60 location = /50x.html { 61 root html; 62 } 63 }
Restart the service and access the test
nginx -t systemctl restart nginx.service netstat -antp | grep nginx
summary
- The built-in access statistics function of Nginx is provided by stub_ Provided by the status module, you need to enable the "- with http_stub_status_module" option during compilation.
- Nginx page access security has two ways: authorization based and client based.
- Nginx virtual host can be built based on IP, domain name and port.