Nginx website services

catalogue

preface

1, About Nginx

1. Overview

2. Advantages

3. Comparison between Nginx and Apache

2, Install Nginx service

1. Unzip the source package to / opt and view it

2. Install the environment component package required for compilation  

3,   Establish program user nginx and compile nginx

4. Compilation and installation

5. Optimize nginx startup scripts for system identification

6. Start, reconfigure, stop Nginx

7. The Nginx service control file uses the systemctl tool

8. Testing

2, Nginx access control

1. Access status statistics

2. Access control

two point one    Authorization based access control

two point two   Client based access control

3, Nginx virtual host

1. Domain name based Nginx virtual host

2. Port based virtual machine

3. Based on different IP access

summary

preface

With the vigorous development of computer and Internet technology, various Web sites have become the backbone directly facing users. Among all kinds of Web server software, in addition to Apache, there is a lightweight HTTP server software - Nginx. Its stability and efficiency are gradually recognized by more and more users. This blog will build a Nginx Web server and configure a domain name based virtual Web host.

1, About Nginx

1. Overview

Nginx is developed by Igor Sysoev of Russia for performance optimization. Its most famous advantages are its stability, low system resource consumption and high processing capacity for HTTP concurrent connections (a single physical server can support 30)   000~50   000 concurrent requests). Because of this, a large number of enterprises providing services such as social networks, news and information, e-commerce and virtual hosts have chosen nginx to provide Web services.

2. Advantages

  • High stability
  • Low system resource consumption
  • High processing capacity for HTTP concurrent connections
  • A single physical server can support 30000 ~ 50000 concurrent requests

3. Comparison between Nginx and Apache

  • Nginx is an event based Web server, and Apache is a process based server
  • All requests from Nginx are processed by a single thread, and Apache processes a single request by a single thread
  • Nginx avoids the concept of subprocesses, and Apache is based on subprocesses
  • Nginx is better in memory consumption and connection, while Apache is generally better in memory consumption and connection
  • The performance and scalability of Nginx do not depend on hardware, and Apache depends on hardware such as CPU and memory
  • Nginx supports hot deployment, while Apache does not
  • Nginx is more efficient for static file processing, and Apache is relatively general
  • Nginx has obvious advantages in the reverse proxy scenario, and Apache is relatively general

2, Install Nginx service

1. Unzip the source package to / opt and view it

[root@localhost ~]# cd /mnt    ##Switch to the mount point directory
[root@localhost mnt]# ls
apr-1.6.2.tar.gz                  Discuz_X2.5_SC_UTF8.zip  LAMP-php5.6.txt
apr-util-1.6.0.tar.gz             error.png                mysql-5.6.26.tar.gz
awstats-7.6.tar.gz                httpd-2.4.29.tar.bz2     nginx-1.12.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm  kali.jpg                 php-5.6.11.tar.bz2
[root@localhost mnt]# tar zxvf nginx-1.12.0.tar.gz -C /opt   ##Unzip the Nginx source package to / opt
[root@localhost mnt]# cd /opt/    ##Switch to the extracted directory
[root@localhost opt]# ls
nginx-1.12.0  rh

2. Install the environment component package required for compilation  

[root@localhost opt]# yum -y install \
gcc \                                       //c language
gcc-c++ \                        //c + + language
pcre-devel \                     //pcre language tools
zlib-devel                       //Function library for data compression

3,   Establish program user nginx and compile nginx

[root@localhost opt]# useradd -M -s /sbin/nologin nginx  ##Establish program user, secure and unable to log in
[root@localhost opt]# id nginx
uid=1001(nginx) gid=1001(nginx) group=1001(nginx)
[root@localhost opt]# cd nginx-1.12.0/                 ##Switch to nginx directory
[root@localhost nginx-1.12.0]# ./configure \         ##Configure nginx
> --prefix=/usr/local/nginx \        ##Installation path
> --user=nginx \                         ##user name
> --group=nginx \                       ##User group
> --with-http_stub_status_module     ##Status statistics module

4. Compilation and installation

make -j3 && make install

5. Optimize nginx startup scripts for system identification

[root@localhost nginx]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/  ##Establish a soft link to let the system recognize the nginx startup script
[root@localhost nginx]# nginx -t       ##Check the syntax of the configuration file
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx]# nginx      ##Turn on ngnix
[root@localhost nginx]# systemctl stop firewalld.service    ##Turn off firewall
[root@localhost nginx]# setenforce 0 

6. Start, reconfigure, stop Nginx

​​[root@localhost nginx-1.15.9]# nginx  ## Start Nginx
[root@localhost nginx-1.15.9]# netstat -anpt |grep nginx ## Filtering Nginx processes
[root@localhost ~]# yum -y install psmisc        ###Minimum installation no killall orders need to be installed 
[root@localhost ~]# killall -s HUP nginx  ## Reload Nginx configuration file (equivalent to refresh)
[root@localhost ~]# killall -s QUIT nginx  ## Exit Nginx

7. The Nginx service control file uses the systemctl tool

[root@localhost ~]# vi /lib/systemd/system/nginx.service
[Unit]
Description=nginx   ###describe
After=network.target    ####Describe service category
[Service]
Type=forking    ###Background operation mode
PIDFile=/usr/local/nginx/logs/nginx.pid   ###PID file location  
ExecStart=/usr/local/nginx/sbin/nginx    ###Start service
ExecReload=/usr/bin/kill -s HUP $MAINPID  ###According to PID overload configuration
ExecStop=/usr/bin/kill -s QUIT $MAINPID  ###Terminate process according to PID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
==>> wq preservation
[root@localhost ~]# chmod 754 /lib/systemd/system/nginx.service 
[root@localhost ~]# systemctl enable nginx.service 
[root@localhost ~]# systemctl start nginx  ## So we can start Nginx in this way

8. Testing

2, Nginx access control

1. Access status statistics

Nginx has built-in http_ STUB_ The status statistics module is used to feed back the current Web access. When configuring compilation parameters, you can add - with HTTP_STUB_STATUS_ Module to enable this module support
You can use the command / usr/local/nginx/sbin/nginx-V to see if the installed Nginx contains HTTP_STUB_STATUS module.
To use the state statistics function of Nginx, in addition to enabling the built-in module, you also need to modify the nginx.conf configuration file, specify the access location and add a stub_status configuration code.

vim /usr/local/nginx/conf/nginx.conf

//Add stub_status configuration
location /status {         //The access location is / status
     stub_status on;       //Turn on the status statistics function
     access_log off;       //Turn off logging at this location
}

Restart the service and access the test

nginx -t
systemctl restart nginx.service
netstat -natp | grep 80

 

2. Access control

two point one    Authorization based access control

  • Install httpd tools first
[root@localhost ~]# yum -y install httpd-tools
  • Create user test and set password 12345
[root@localhost ~]# htpasswd -c /usr/local/nginx/.passwd.db test
New password: 
Re-type new password: 
Adding password for user test
  • Modify file permissions
[root@localhost ~]# chmod 400  /usr/local/nginx/.passwd.db  ## The permission to modify the password file is 400
[root@localhost ~]# chown nginx /usr/local/nginx/.passwd.db 
Change owner to nginx ,set up nginx The running user can read
  • View the file where the user name and password are stored
[root@localhost ~]# cd /usr/local/nginx/  
[root@localhost nginx]# cat .passwd.db   ##View the file where the user name and password are stored
test:$apr1$vHVaACQT$i1sRjEd2M59E4EJfpxliA.
  • Modify the configuration file and add authentication configuration
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf  ##Modify profile
 add to 
 auth_basic "secret";
 auth_basic_user_file /usr/local/nginx/.passwd.db;
==>> wq preservation
[root@localhost ~]# nginx -t  ##Detection syntax
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# killall -s HUP nginx   ## Restart service

 

two point two   Client based access control

  • Determine whether to allow access to the page through the client IP address
  • Configuration rules
    ■ deny lP/IP segment: deny client access to an IP or IP segment
    ■ allow IP/IP segment: allow client access to an IP or IP segment
    ■ the rules are executed from top to bottom. If they are matched, they will stop and no longer match from bottom to top

Modify master profile

vim /usr/local/nginx/conf/nginx.conf

 43         location / {
 44                 auth_basic "secret";        //Lines 44 and 45 are deleted
 45                 auth_basic_user_file /usr/local/nginx/passwd.db;
 46             root   html;
 47             index  index.html index.htm;
 48                 deny 192.168.41.160;         //Increase the IP address of the access denied client
 49                 allow all;                  //Add allow other IP clients to access
 50         }

Restart the service and access the test

nginx -t
systemctl restart nginx

 

3, Nginx virtual host

1. Domain name based Nginx virtual host

  • Add two domain names, both of which point to the same server IP address, to enable different domain names to access different virtual hosts
vim /etc/hosts
192.168.41.140 www.520.com www.accp.com www.benet.com       //Add two domain names later

Preparing web documents for virtual hosts

mkdir -p /var/www/html/accp         //Create the root directory of www.accp.com
mkdir -p /var/www/html/benet        //Create the root directory of www.benet.com
echo "<h1> www.accp.com<h1>" >/var/www/html/accp/index.html
echo "<h1> www.benet.com<h1>" >/var/www/html/benet/index.html

Modify the configuration file of Nginx

 35     server {
 36         listen       80;
 37         server_name  www.accp.com;            //Set the domain name www.acc0.com
 38         charset utf-8;
 39         access_log  logs/accp.access.log;     //Set log name
 40         location / {
 41             root   /var/www/html/accp/;       //Set the working directory of www.accp.com
 42             index  index.html index.htm;
 43         }
 44         error_page   500 502 503 504  /50x.html;
 45         location = /50x.html {
 46             root   html;
 47         }
 48     }
 49 
 50     server {
 51         listen       80;
 52         server_name  www.benet.com;
 53         charset utf-8;
 54         access_log  logs/benet.access.log;
 55         location / {
 56             root   /var/www/html/benet/;
 57             index  index.html index.htm;
 58         }
 59         error_page   500 502 503 504  /50x.html;
 60         location = /50x.html {
 61             root   html;
 62         }
 63     }

Restart the service and access the test

nginx -t

 

2. Port based virtual machine

Create a web page file on port 8080

mkdir -p /var/www/html/ll8080
echo "<h1> www.ll8080.com </h1>" > /var/www/html/ll8080/index.html

Modify the nginx main configuration file, and only modify the listening port

 35     server {                                 //Original accp configuration
 36         listen       192.168.41.140:80;      //Point to listening port
 37         server_name  www.accp.com;
 38         charset utf-8;
 39         access_log  logs/accp.access.log;
 40         location / {
 41             root   /var/www/html/accp/;
 42             index  index.html index.htm;
 43         }
 44         error_page   500 502 503 504  /50x.html;
 45         location = /50x.html {
 46             root   html;
 47         }
 48     }
 49 
 50     server {                                    //New accp configuration
 51         listen      192.168.41.140:8080;        //Point to port 8080
 52         server_name  www.accp.com;
 53         charset utf-8;
 54         access_log  logs/accp8080.access.log;   //For easy distinction, specify to generate different logs
 55         location / {
 56             root   /var/www/html/accp8080;      //Site home page pointing to port 8080
 57             index  index.html index.htm;
 58         }
 59         error_page   500 502 503 504  /50x.html;
 60         location = /50x.html {
 61             root   html;
 62         }
 63     }

 

3. Based on different IP access

Temporarily create a virtual network card

ifconfig ens33:0 192.168.41.100 netmask 255.255.255.255

Add mapping of 192.168.41.100

vim /etc/hosts
192.168.41.100 www.benet.com

Create a website root directory and a website home page file of 192.168.41.100 (index.html)

mkdir /var/www/html/benet100
echo "<h1> www.benet100.com </h1>" >>/var/www/html/benet100/index.html

Modify profile

 35     server {
 36         listen       192.168.41.140:80;
 37         server_name  www.accp.com;
 38         charset utf-8;
 39         access_log  logs/accp.access.log;
 40         location / {
 41             root   /var/www/html/accp/;
 42             index  index.html index.htm;
 43         }
 44         error_page   500 502 503 504  /50x.html;
 45         location = /50x.html {
 46             root   html;
 47         }
 48     }
 49 
 50     server {
 51         listen      192.168.41.100:80;           //The IP monitored by benet is modified to 100
 52         server_name  www.accp.com;
 53         charset utf-8;
 54         access_log  logs/benet100.access.log;
 55         location / {
 56             root   /var/www/html/benet100;
 57             index  index.html index.htm;
 58         }
 59         error_page   500 502 503 504  /50x.html;
 60         location = /50x.html {
 61             root   html;
 62         }
 63     }

Restart the service and access the test

nginx -t
systemctl restart nginx.service
netstat -antp | grep nginx

 

summary

  • The built-in access statistics function of Nginx is provided by stub_ Provided by the status module, you need to enable the "- with http_stub_status_module" option during compilation.
  • Nginx page access security has two ways: authorization based and client based.
  • Nginx virtual host can be built based on IP, domain name and port.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

 

 

 

 

 

 

 

 

 

Tags: Operation & Maintenance Nginx

Posted on Sun, 03 Oct 2021 22:06:23 -0400 by BrazilMac