NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.
NGINX is one of a handful of servers written to address the C10K problem. Unlike traditional servers, NGINX doesn’t rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load. Even if you don’t expect to handle thousands of simultaneous requests, you can still benefit from NGINX’s high-performance and small memory footprint. NGINX scales in all directions: from the smallest VPS all the way up to large clusters of servers.
解决了c10k问题
==========================================================================
在编译安装前先看下centos6.8系统自带的yum源上面的rpm包装的nginx都有哪些内容
[root@localhost ~]#yum info nginx Available Packages Name : nginx Arch : x86_64 Version : 1.10.2 Release : 1.el6 Size : 462 k Repo : epel Summary : A high performance web server and reverse proxy server URL : http://nginx.org/ License : BSD Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and : IMAP protocols, with a strong focus on high concurrency, performance and low : memory usage.
安装后查看安装的文件
[root@localhost ~]#rpm -ql nginx /etc/logrotate.d/nginx /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/virtual.conf /etc/nginx/fastcgi.conf /etc/nginx/fastcgi.conf.default /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params.default /etc/nginx/koi-utf /etc/nginx/koi-win /etc/nginx/mime.types /etc/nginx/mime.types.default /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default /etc/nginx/scgi_params /etc/nginx/scgi_params.default /etc/nginx/uwsgi_params /etc/nginx/uwsgi_params.default /etc/nginx/win-utf /etc/rc.d/init.d/nginx /etc/sysconfig/nginx /usr/lib64/nginx/modules /usr/sbin/nginx /usr/share/doc/nginx-1.10.2 /usr/share/doc/nginx-1.10.2/CHANGES /usr/share/doc/nginx-1.10.2/LICENSE /usr/share/doc/nginx-1.10.2/README /usr/share/doc/nginx-1.10.2/README.dynamic /usr/share/doc/nginx-1.10.2/UPGRADE-NOTES-1.0-to-1.10 /usr/share/man/man3/nginx.3pm.gz /usr/share/man/man8/nginx.8.gz /usr/share/nginx/html/404.html /usr/share/nginx/html/50x.html /usr/share/nginx/html/index.html /usr/share/nginx/html/nginx-logo.png /usr/share/nginx/html/poweredby.png /usr/share/vim/vimfiles/ftdetect/nginx.vim /usr/share/vim/vimfiles/indent/nginx.vim /usr/share/vim/vimfiles/syntax/nginx.vim /var/lib/nginx /var/lib/nginx/tmp /var/log/nginx
首先配置文件是日志滚动的配置文件,当日志内容过大的时候会自动滚动为按时间排序的日志,里面的命令是什么意思?
[root@localhost ~]#cat /etc/logrotate.d/nginx /var/log/nginx/*log { daily rotate 10 missingok notifempty compress sharedscripts postrotate /bin/kill -USR1 $(cat /var/run/nginx.pid 2>/dev/null) 2>/dev/null || : endscript }
下来是配置文件,在主配置文件中只写一些全局配置,具体的server单独一个文件
[root@localhost /etc/nginx]#cat nginx.conf # For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; }
一个默认的主机配置文件,这些都是root权限,不需要修改,只是查看。在下面的编译安装的时候,提供几个常用的配置文件,便于快速修改配置
[root@localhost /etc/nginx/conf.d]#cat default.conf # # The default server # server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
启动配置文件,里面的内容值得参考,daemon函数太多了,只用知道这是启动程序用的:http://9528du.blog.51cto.com/8979089/1420058
[root@localhost /etc/init.d]#cat nginx #!/bin/sh # # nginx - this script starts and stops the nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # processname: nginx # config: /etc/nginx/nginx.conf # config: /etc/sysconfig/nginx # pidfile: /var/run/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 nginx="/usr/sbin/nginx" prog=$(basename $nginx) sysconfig="/etc/sysconfig/$prog" lockfile="/var/lock/subsys/nginx" pidfile="/var/run/${prog}.pid" NGINX_CONF_FILE="/etc/nginx/nginx.conf" [ -f $sysconfig ] && . $sysconfig start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc -p $pidfile $prog retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest_q || return 6 stop start } reload() { configtest_q || return 6 echo -n $"Reloading $prog: " killproc -p $pidfile $prog -HUP echo } configtest() { $nginx -t -c $NGINX_CONF_FILE } configtest_q() { $nginx -t -q -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } # Upgrade the binary with no downtime. upgrade() { local oldbin_pidfile="${pidfile}.oldbin" configtest_q || return 6 echo -n $"Upgrading $prog: " killproc -p $pidfile $prog -USR2 retval=$? sleep 1 if [[ -f ${oldbin_pidfile} && -f ${pidfile} ]]; then killproc -p $oldbin_pidfile $prog -QUIT success $"$prog online upgrade" echo return 0 else failure $"$prog online upgrade" echo return 1 fi } # Tell nginx to reopen logs reopen_logs() { configtest_q || return 6 echo -n $"Reopening $prog logs: " killproc -p $pidfile $prog -USR1 retval=$? echo return $retval } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest|reopen_logs) $1 ;; force-reload|upgrade) rh_status_q || exit 7 upgrade ;; reload) rh_status_q || exit 7 $1 ;; status|status_q) rh_$1 ;; condrestart|try-restart) rh_status_q || exit 7 restart ;; *) echo $"Usage: $0 {start|stop|reload|configtest|status|force-reload|upgrade|restart|reopen_logs}" exit 2 esac
在sysconfig下面一个小配置文件,会被启动文件调用,指明了配置文件的位置
[root@localhost /etc/sysconfig]#cat nginx # Configuration file for the nginx service # set this to the location of the nginx configuration file NGINX_CONF_FILE=/etc/nginx/nginx.conf
查看软件都编译了哪些模块
[root@localhost ~]#nginx -V nginx version: nginx/1.10.2 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx \ --sbin-path=/usr/sbin/nginx \ --modules-path=/usr/lib64/nginx/modules \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --http-client-body-temp-path=/var/lib/nginx/tmp/client_body \ --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \ --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \ --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \ --http-scgi-temp-path=/var/lib/nginx/tmp/scgi \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/lock/subsys/nginx \ --user=nginx \ --group=nginx \ --with-file-aio \ --with-ipv6 \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-http_perl_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-pcre \ --with-pcre-jit \ --with-stream=dynamic \ --with-stream_ssl_module \ --with-debug \ --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \ --with-ld-opt=' -Wl,-E'
真多,,,
=========================================================
下面是编译安装nginx,之后会将其自动化为脚本文件,
系统版本:centos6.8
nginx版本:1.12.0 稳定版
说明:除了日志目录和web目录之外,所有nginx相关的文件都在一个目录下面,便于管理,包括配置文件,pid文件,奇怪,虽然这些文件都是自动创建的,但是不需要将目录属主和属组改为nginx就可以。
1、编译安装nginx
准备工作
[root@localhost ~]#useradd -r nginx -s /sbin/nologin [root@localhost ~]#id nginx uid=496(nginx) gid=492(nginx) groups=492(nginx) [root@localhost ~]#yum install -y gcc gcc-c++ autoconf automake libtool make cmake zlib zlib-devel openssl \ openssl-devel pcre-devel libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel
下载安装包
[root@localhost ~]#wget http://nginx.org/download/nginx-1.12.0.tar.gz [root@localhost ~]#tar xf nginx-1.12.0.tar.gz [root@localhost ~]#cd nginx-1.12.0 [root@localhost ~/nginx-1.12.0]#ls auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
设置配置选项,说明:http_dav_module分布式版本协作 http_stub_status_module状态输出模块 threads线程池 file-aio异步文件io stream可以代理tcp协议,有用
关于具体的配置含义和默认选项,查看说明文档:http://nginx.org/en/docs/configure.html
[root@localhost ~/nginx-1.12.0]#./configure --help http://nginx.org/en/docs/configure.html [root@localhost nginx-1.12.0]# ./configure \ --prefix=/usr/local/nginx \ --sbin-path=/usr/local/nginx/sbin/nginx \ --modules-path=/usr/local/nginx/modules \ --conf-path=/usr/local/nginx/conf/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --http-client-body-temp-path=/usr/local/nginx/tmp/client_body \ --http-proxy-temp-path=/usr/local/nginx/tmp/proxy \ --http-fastcgi-temp-path=/usr/local/nginx/tmp/fastcgi \ --http-uwsgi-temp-path=/usr/local/nginx/tmp/uwsgi \ --http-scgi-temp-path=/usr/local/nginx/tmp/scgi \ --pid-path=/usr/local/nginx/run/nginx.pid \ --lock-path=/usr/local/nginx/run/lock/nginx \ --user=nginx \ --group=nginx \ --with-file-aio \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-http_perl_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-pcre \ --with-pcre-jit \ --with-stream=dynamic \ --with-stream_ssl_module \ --with-debug \ --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \ --with-ld-opt=' -Wl,-E' Configuration summary + using system PCRE library + using system OpenSSL library + using system zlib library nginx path prefix: "/usr/local/nginx" nginx binary file: "/usr/local/nginx/sbin/nginx" nginx modules path: "/usr/local/nginx/modules" nginx configuration prefix: "/usr/local/nginx/conf" nginx configuration file: "/usr/local/nginx/conf/nginx.conf" nginx pid file: "/usr/local/nginx/run/nginx.pid" nginx error log file: "/var/log/nginx/error.log" nginx http access log file: "/var/log/nginx/access.log" nginx http client request body temporary files: "/usr/local/nginx/tmp/client_body" nginx http proxy temporary files: "/usr/local/nginx/tmp/proxy" nginx http fastcgi temporary files: "/usr/local/nginx/tmp/fastcgi" nginx http uwsgi temporary files: "/usr/local/nginx/tmp/uwsgi" nginx http scgi temporary files: "/usr/local/nginx/tmp/scgi"
开始编译安装,使用4个核心来编译,速度快些
[root@localhost ~/nginx-1.12.0]#make -j 4 && make install [root@localhost /usr/local/nginx]#ls conf html modules run sbin [root@localhost /usr/local/nginx]#mkdir tmp [root@localhost /usr/local/nginx]#ll #最后定的目录列表 total 24 drwxr-xr-x. 3 root root 4096 Jun 8 02:45 conf drwxr-xr-x. 2 root root 4096 Jun 8 01:46 html drwxr-xr-x. 2 root root 4096 Jun 8 02:32 modules drwxr-xr-x. 3 root root 4096 Jun 8 02:46 run drwxr-xr-x. 2 root root 4096 Jun 8 01:46 sbin drwxr-xr-x. 7 root root 4096 Jun 8 02:34 tmp [root@localhost /usr/local/nginx]#cd run/ [root@localhost /usr/local/nginx/run]#ls [root@localhost /usr/local/nginx/run]#mkdir lock #tmp和这个lock目录要手动创建,相当于父目录,会自动在里面创建属主为nginx的临时目录
将nginx的执行文件目录添加到系统的PATH路径中
[root@localhost /etc/profile.d]#cat nginx.sh PATH=/usr/local/nginx/sbin:$PATH export PATH [root@localhost /etc/profile.d]#source nginx.sh
为nginx添加service服务文件,因为源码文件中没有提供service文件参考,这里根据上面rpm包修改,如果目录不同,需要根据实际情况修改
[root@localhost /etc/init.d]#cat nginx #!/bin/sh # # nginx - this script starts and stops the nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # processname: nginx # config: /usr/local/nginx/conf/nginx.conf # pidfile: /usr/local/nginx/run/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 nginx="/usr/local/nginx/sbin/nginx" prog=$(basename $nginx) lockfile="/usr/local/nginx/run/lock/nginx" pidfile="/usr/local/nginx/run/nginx.pid" NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf" #以上内容需要根据实际情况修改 start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc -p $pidfile $prog retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest_q || return 6 stop start } reload() { configtest_q || return 6 echo -n $"Reloading $prog: " killproc -p $pidfile $prog -HUP echo } configtest() { $nginx -t -c $NGINX_CONF_FILE } configtest_q() { $nginx -t -q -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } # Upgrade the binary with no downtime. upgrade() { local oldbin_pidfile="${pidfile}.oldbin" configtest_q || return 6 echo -n $"Upgrading $prog: " killproc -p $pidfile $prog -USR2 retval=$? sleep 1 if [[ -f ${oldbin_pidfile} && -f ${pidfile} ]]; then killproc -p $oldbin_pidfile $prog -QUIT success $"$prog online upgrade" echo return 0 else failure $"$prog online upgrade" echo return 1 fi } # Tell nginx to reopen logs reopen_logs() { configtest_q || return 6 echo -n $"Reopening $prog logs: " killproc -p $pidfile $prog -USR1 retval=$? echo return $retval } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest|reopen_logs) $1 ;; force-reload|upgrade) rh_status_q || exit 7 upgrade ;; reload) rh_status_q || exit 7 $1 ;; status|status_q) rh_$1 ;; condrestart|try-restart) rh_status_q || exit 7 restart ;; *) echo $"Usage: $0 {start|stop|reload|configtest|status|force-reload|upgrade|restart|reopen_logs}" exit 2 esac
添加动态链接库路径,会在下面的配置文件中调用
[root@localhost /usr/local/nginx/modules]#cat modules.conf load_module "/usr/local/nginx/modules/ngx_http_perl_module.so"; load_module "/usr/local/nginx/modules/ngx_stream_module.so"; load_module "/usr/local/nginx/modules/ngx_http_geoip_module.so"; load_module "/usr/local/nginx/modules/ngx_http_xslt_filter_module.so"; load_module "/usr/local/nginx/modules/ngx_http_image_filter_module.so"; load_module "/usr/local/nginx/modules/ngx_mail_module.so"; [root@localhost /usr/local/nginx/modules]#ls modules.conf ngx_http_perl_module.so ngx_stream_module.so ngx_http_geoip_module.so ngx_http_xslt_filter_module.so ngx_http_image_filter_module.so ngx_mail_module.so
修改配置文件
[root@localhost /usr/local/nginx/conf]#cat nginx.conf # For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /usr/local/nginx/run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/local/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /usr/local/nginx/conf/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /usr/local/nginx/conf/conf.d/*.conf; }
添加一个web配置文件
[root@localhost /usr/local/nginx/conf/conf.d]#cat 80.conf # # The default server # server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /web; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
为service文件添加权限,添加开机启动
[root@localhost /etc/init.d]#dos2unix nginx dos2unix: converting file nginx to UNIX format ... [root@localhost /etc/init.d]#chmod +x nginx [root@localhost /etc/init.d]#ll nginx -rwxr-xr-x. 1 root root 2799 Jun 8 02:06 nginx [root@localhost /etc/init.d]#chkconfig --add nginx [root@localhost /etc/init.d]#chkconfig --list nginx nginx 0:off 1:off 2:off 3:off 4:off 5:off 6:off [root@localhost /etc/init.d]#chkconfig nginx on [root@localhost /etc/init.d]#chkconfig --list nginx nginx 0:off 1:off 2:on 3:on 4:on 5:on 6:off
添加日志滚动配置,下面的那个发送信号的命令可以发送给其他的pid文件都可以
在bash中 : 冒号,这是一个内建指令:\"什么事都不干\",但返回状态值 0。
[root@localhost /etc/logrotate.d]#cat nginx /var/log/nginx/*log { daily rotate 10 missingok notifempty compress sharedscripts postrotate /bin/kill -USR1 $(cat /usr/local/nginx/run/nginx.pid 2>/dev/null) 2>/dev/null || : endscript }
添加web文件,并将其目录权限设置为nginx
[root@localhost /]#mkdir /web [root@localhost /]#chown nginx.nginx /web [root@localhost /]#cd web [root@localhost /web]#vim index.html <h1> test page </h1>
测试,这里不能通过检测80端口是否存在,因为有可能监听在其他端口,可靠的方法是检测是否有nginx用户,并且将能不能请求到测试的页面资源来作为最终的依据
[root@localhost ~]#ss -tnlp | grep nginx LISTEN 0 128 *:80 *:* users:(("nginx",69429,6),("nginx",69430,6)) [root@localhost ~]#echo $? 0 [root@localhost ~]#curl localhost <h1> test page </h1>
经测试,/var/log/nginx目录不需要设置为nginx权限,root权限一样可以写入日志,应该是nginx的主进程是root用户,可以操作。但是nginx这个目录必须存在。
彻底隐藏nginx版本
需要修改源码,这样http的头部server就会改为自己定义的
cd nginx-1.12.0 sed -i "s#\"nginx/\"#\"andy/\"#g" ./src/core/nginx.h sed -i "s#\"NGINX\"#\"andy\"#g" ./src/core/nginx.h sed -i "s#nginx\"#andy\"#g" ./src/http/ngx_http_header_filter_module.c sed -i "s#<center>nginx#<center>andy#g" ./src/http/ngx_http_special_response.c
配置文件中关闭server里面的版本号,添加下面的配置
关闭nginx版本信息 server_tokens off;
–
–
–
评论前必须登录!
注册