nginx service deployment
nginx web service
How to check whether nginx is installed
If it was installed from an rpm package or with yum
rpm -q nginx
yum list
If nginx was compiled and installed from source
[aaa@qq.com ~]# find / -name nginx
yum install mlocate
updatedb
[aaa@qq.com ~]# locate nginx
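nginx.conf main configuration file explained
user nginx; # which user nginx runs as once started
worker_processes auto; # number of worker processes to start; matches the number of CPU cores, one worker process per core
error_log /var/log/nginx/error.log; # error log: records failed web requests as well as service start-up errors
pid /run/nginx.pid; # records the PID of the nginx process once it has started
include /usr/share/nginx/modules/*.conf; # load the configuration files of other modules
events {
    worker_connections 1024; # how many client connections are allowed at the same time; tune this to the server's hardware resources, ideally after load testing
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"'; # log format
    access_log /var/log/nginx/access.log main; # use that format
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65; # enable keep-alive (persistent) connections
    types_hash_max_size 2048;
    include /etc/nginx/mime.types; # supported file types
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf; # load secondary configuration files
    # The server block is the configuration that actually provides the web service
    server {
        listen 80 default_server; # IPv4 port
        listen [::]:80 default_server; # IPv6 port
        server_name www.sanlelearning.com; # the domain name served
        root /usr/share/nginx/html; # where the web pages are stored
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf; # load other configuration files
        location / {
        }
        error_page 404 /404.html; # handling of 404 errors
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html; # handling of error codes starting with 50
        location = /50x.html {
        }
    }
}
Effect of the user setting
The master (management) process is started by root
The worker processes are started by the nginx user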
[root@mysql-server ~]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 7964 root 6u IPv4 324977 0t0 TCP *:http (LISTEN)
nginx 7964 root 7u IPv6 324978 0t0 TCP *:http (LISTEN)
nginx 7965 nginx 6u IPv4 324977 0t0 TCP *:http (LISTEN)
nginx 7965 nginx 7u IPv6 324978 0t0 TCP *:http (LISTEN)
[root@mysql-server ~]#
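How do you find out how many CPUs there are and how many cores each CPU has?
- top, then press the number 1
- cat /proc/cpuinfo
processor : 0 # the 1st CPU
core id : 0 # the core's number
cpu cores : 1 # the 1st CPU has one core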
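Web load-testing software
ab -c 10 -n1000 http://192.168.0.51/index.html
ab -> the load-testing tool that is available once httpd is installed: yum install httpd
-n requests Number of requests to perform
Number of requests per page
-c concurrency Number of multiple requests to make at a time
Number of clients accessing at the same time
Total count = value of -n * value of -c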
[aaa@qq.com modules]# ab -c 10 -n100000 http://192.168.0.51/index.html
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.0.51 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests
Server Software: nginx/1.12.2
Server Hostname: 192.168.0.51
Server Port: 80
Document Path: /index.html
Document Length: 3700 bytes
Concurrency Level: 10
Time taken for tests: 19.985 seconds
Complete requests: 100000
Failed requests: 0
Write errors: 0
Total transferred: 393400000 bytes
HTML transferred: 370000000 bytes
Requests per second: 5003.75 [#/sec] (mean) ### average number of requests per second
Time per request: 1.999 [ms] (mean) ### average time taken per request
Time per request: 0.200 [ms] (mean, across all concurrent requests)
Transfer rate: 19223.38 [Kbytes/sec] received ### transfer rate
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.4 0 27
Processing: 0 2 1.3 1 55
Waiting: 0 1 1.2 1 55
Total: 1 2 1.4 2 56
Percentage of the requests served within a certain time (ms)
50% 2 ### 50% of the requests completed within 2 ms
66% 2
75% 2
80% 2
90% 3
95% 4
98% 5
99% 7
100% 56 (longest request)
[aaa@qq.com modules]#
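1. Throughput (Requests per second):
A quantitative measure of the server's ability to handle concurrent load, in reqs/s: the number of requests processed per unit of time at a given number of concurrent users. The largest number of requests that can be processed per unit of time at a given number of concurrent users is called the maximum throughput.
Remember: throughput is relative to the number of concurrent users. This means two things:
a. Throughput depends on the number of concurrent users
b. Throughput is generally different for different numbers of concurrent users
Formula: total number of requests / time taken to complete those requests, i.e.
Requests per second = Complete requests / Time taken for tests
Note that this value represents the overall performance of the current machine; the larger the better.
2. Average user request waiting time (Time per request):
Formula: time taken to complete all requests / (total number of requests / number of concurrent users), i.e.
Time per request = Time taken for tests / (Complete requests / Concurrency Level)
3. Average server request waiting time (Time per request: across all concurrent requests):
Formula: time taken to complete all requests / total number of requests, i.e.
Time taken for tests / Complete requests
As you can see, it is the reciprocal of the throughput.
It also equals the average user request waiting time / number of concurrent users, i.e.
Time per request / Concurrency Level.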
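The three formulas above, recomputed from the summary lines of the ab run shown earlier. This is an added example, not part of the original post; the names AB_SAMPLE and ab_metrics are made up for illustration.

```shell
#!/bin/sh
# Summary lines copied from the ab run shown above (column spacing reconstructed).
AB_SAMPLE='Concurrency Level:      10
Time taken for tests:   19.985 seconds
Complete requests:      100000
Failed requests:        0
Requests per second:    5003.75 [#/sec] (mean)
Time per request:       1.999 [ms] (mean)
Time per request:       0.200 [ms] (mean, across all concurrent requests)'

# ab_metrics (hypothetical helper): reads ab output on stdin and prints
#   "<requests/s> <user ms/request> <server ms/request> <failed requests>"
# computed only from Concurrency Level, Time taken and Complete requests.
ab_metrics() {
    awk -F': *' '
        /^Concurrency Level/    { c = $2 + 0 }
        /^Time taken for tests/ { t = $2 + 0 }   # "19.985 seconds" -> 19.985
        /^Complete requests/    { n = $2 + 0 }
        /^Failed requests/      { f = $2 + 0 }
        END {
            # Refuse to divide by zero on truncated or empty input.
            if (c <= 0 || t <= 0 || n <= 0) exit 1
            rps     = n / t                 # throughput
            user_ms = t / (n / c) * 1000    # time per request as one client sees it
            srv_ms  = t / n * 1000          # time per request across all clients
            printf "%.2f %.4f %.5f %d\n", rps, user_ms, srv_ms, f
        }'
}

printf '%s\n' "$AB_SAMPLE" | ab_metrics
```

The failed-request count is printed alongside the timings because a throughput figure from a run with failures does not describe successfully served requests.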
Multiple server blocks example (virtual hosts)
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name www.a.com;
    root /usr/share/nginx/html/a; # path of site a
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
server {
    listen 80;
    server_name www.b.com; # domain name of site b
    root /usr/share/nginx/html/b; # path of site b
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
Edit the local /etc/hosts file
[aaa@qq.com nginx]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.51 www.a.com
192.168.0.51 www.b.com
[aaa@qq.com nginx]#
Test access
[aaa@qq.com nginx]# curl www.a.com
aaaaaaaaaaaaaaaa
[aaa@qq.com nginx]# curl www.b.com
bbbbbbbbbbbbbbbbbbbbb
[aaa@qq.com nginx]#
[aaa@qq.com nginx]# curl 192.168.0.51 # the default site
aaaaaaaaaaaaaaaa
[aaa@qq.com nginx]#
nginx can work together with Python, PHP and Java; this requires separating dynamic and static content in the configuration file.
By default nginx only supports static pages -> .html
Dynamic pages have to be handed to other programs for processing
- .py -> Python
- .php -> handled by the PHP interpreter, fastcgi-php
- .jsp -> Tomcat
nginx HTTPS support
https://blog.csdn.net/w410589502/article/details/72833283
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.c.com;
    root /usr/share/nginx/html/c;
    ssl_certificate "/usr/share/nginx/html/key/certreq.crt";
    ssl_certificate_key "/usr/share/nginx/html/key/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
Generate the key and CSR files
[aaa@qq.com nginx]# cd /usr/share/nginx/html/key/
Generate the private key
[aaa@qq.com key]# openssl genrsa -out server.key 2048
Generate the CSR file
[aaa@qq.com key]# openssl req -new -key server.key -out certreq.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hunan
Locality Name (eg, city) [Default City]:changsha
Organization Name (eg, company) [Default Company Ltd]:sanle
Organizational Unit Name (eg, section) []:sanchuang
Common Name (eg, your name or your server's hostname) []:cali
Email Address []:aaa@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[aaa@qq.com key]# ls # list the files
certreq.csr server.key
[aaa@qq.com key]#
Generate the self-signed certificate file certreq.crt
[aaa@qq.com key]# openssl x509 -req -days 365 -in certreq.csr -signkey server.key -out certreq.crt
Signature ok
subject=/C=cn/ST=hunan/L=changsha/O=sanle/OU=sanchuang/CN=cali/aaa@qq.com
Getting Private key
[aaa@qq.com key]# ls
certreq.crt certreq.csr server.key
[aaa@qq.com key]#
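Note: the ssl_certificate and ssl_certificate_key paths are the paths where we created the SSL certificate files.
The ssl_certificate file is really a public key; it is sent to every client that connects to the server. The ssl_certificate_key private key is used for decryption, so its permissions must be protected, while the nginx master process must still be able to read it. The private key and the certificate can also be placed in a single file; in that case too, only the public-key certificate is sent to the client.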
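A check for where the key file sits and who can read it, as an added example that is not part of the original post. The function name check_tls_key is hypothetical; it is meant to be pointed at the ssl_certificate_key path and at the root directory of a server block, because a key stored below a document root is served like any other file whenever the worker user can read it.

```shell
#!/bin/sh
# check_tls_key KEY_PATH WEB_ROOT   (hypothetical helper, added example)
# Prints "ok" or a space-separated list of findings:
#   under-web-root         key is inside a directory nginx serves files from
#   group-or-other-access  mode grants some permission beyond the owner
check_tls_key() {
    key=$1
    root=$2
    findings=""
    [ -f "$key" ] || { echo "missing"; return 1; }

    # Resolve both directories physically so symlinks and ../ cannot
    # hide that the key lives below the document root.
    key_dir=$(cd "$(dirname "$key")" && pwd -P) || return 1
    root_dir=$(cd "$root" && pwd -P) || return 1
    case "$key_dir/" in
        "$root_dir"/*) findings="under-web-root" ;;
    esac

    # In the ls mode string (e.g. -rw-r--r--) characters 5-10 are the
    # group and other bits; a private key should show "------" there.
    mode=$(ls -ld "$key" | cut -c5-10)
    [ "$mode" = "------" ] || findings="$findings group-or-other-access"

    findings=${findings# }
    if [ -n "$findings" ]; then
        echo "$findings"
        return 1
    fi
    echo "ok"
}

# Constructed demo in a scratch directory: one key stored in <web root>/key/
# as in the layout above, one key kept outside the web root with mode 600.
demo=$(mktemp -d)
mkdir -p "$demo/html/key" "$demo/private"
: > "$demo/html/key/server.key"; chmod 644 "$demo/html/key/server.key"
: > "$demo/private/server.key";  chmod 600 "$demo/private/server.key"
check_tls_key "$demo/html/key/server.key" "$demo/html" || true
check_tls_key "$demo/private/server.key"  "$demo/html"
rm -rf "$demo"
```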
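ssl_session_timeout: the expiry time within which a client can reuse the SSL parameters held in the session cache. For intranet systems the default of 5 minutes is too short; it can be set to 30m (30 minutes) or even 4h.
The ssl_protocols directive enables specific protocols. After nginx versions 1.1.13 and 1.0.12 the default is ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; TLSv1.1 and TLSv1.2 require OpenSSL >= 1.0.1. SSLv3 is still in use in many places but has quite a few vulnerabilities that have been attacked.
ssl_ciphers selects the cipher suites; different browsers may support different suites (and orderings). The value is written in the syntax the OpenSSL library understands; you can run openssl ciphers -v 'RC4:HIGH:!aNULL:!MD5' (the argument is the cipher string you specified) to see which algorithms it covers.
ssl_prefer_server_ciphers on: when negotiating the cipher, the server's cipher suites are preferred over those of the client browser.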
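One way to flag the settings these notes warn about, as an added example that is not part of the original post: it scans configuration text for ssl_protocols and ssl_ciphers directives that still enable SSLv3, TLSv1, TLSv1.1 or weak cipher keywords such as RC4. The function name lint_tls and the sample configuration (including www.d.example) are constructed; treating TLSv1 and TLSv1.1 as findings is a policy choice made here, since both are deprecated by RFC 8996.

```shell
#!/bin/sh
# Constructed sample: two server blocks, the first with legacy settings.
SAMPLE_CONF='server {
    listen 443 ssl;
    server_name www.c.com;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # legacy default quoted above
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
}
server {
    listen 443 ssl;
    server_name www.d.example;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}'

# lint_tls (hypothetical helper): reads nginx configuration on stdin, prints
# "<line>: <directive> enables <item>" per weak item, returns 1 if any found.
lint_tls() {
    awk '
        { sub(/#.*/, "") }                       # drop trailing comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    printf "%d: ssl_protocols enables %s\n", NR, p; bad = 1
                }
            }
        }
        $1 == "ssl_ciphers" {
            spec = $2; gsub(/[;"]/, "", spec)
            n = split(spec, part, ":")
            for (i = 1; i <= n; i++)             # "!RC4" excludes it, "RC4" enables it
                if (part[i] ~ /^(RC4|MD5|aNULL|eNULL|EXPORT|3DES|DES)/) {
                    printf "%d: ssl_ciphers enables %s\n", NR, part[i]; bad = 1
                }
        }
        END { exit bad }'
}

printf '%s\n' "$SAMPLE_CONF" | lint_tls || true
```

A server block with no ssl_protocols line at all uses the default of the installed nginx version, which this scan does not report.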
Start nginx
[aaa@qq.com nginx]# service nginx restart # restart the nginx service
Redirecting to /bin/systemctl restart nginx.service
[aaa@qq.com nginx]#
[aaa@qq.com nginx]# lsof -i:443 # check port 443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 20559 root 8u IPv4 1064208 0t0 TCP *:https (LISTEN)
nginx 20559 root 9u IPv6 1064209 0t0 TCP *:https (LISTEN)
nginx 20560 nginx 8u IPv4 1064208 0t0 TCP *:https (LISTEN)
nginx 20560 nginx 9u IPv6 1064209 0t0 TCP *:https (LISTEN)
[aaa@qq.com nginx]#
Access verification
Access from Linux
[aaa@qq.com key]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.51 www.a.com
192.168.0.51 www.c.com # add the name resolution entry
192.168.0.51 www.b.com
[aaa@qq.com key]#
[aaa@qq.com nginx]# curl -k https://www.c.com
cccccccccccccccccc
[aaa@qq.com nginx]#
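Access from Windows
When accessing from Windows, the browser does not accept the certificate because we issued it ourselves; buying a certificate from an authoritative certificate authority solves this.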
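Redirecting HTTP access to the HTTPS port
Method 1:
Because 80 is the default HTTP port, a server block listening on port 80 can redirect HTTP requests to the HTTPS port.
server {
    listen 80;
    server_name www.c.com;
    rewrite ^(.*)$ https://$server_name$1 permanent; # add the redirect rule
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.c.com;
    root /usr/share/nginx/html/c;
    # ... remaining directives as in the HTTPS server block above ...
}
Method 2
Refresh the page from index.html
Idea
Both of the methods above consume server resources. Let's access baidu.com with curl and see how Baidu implements the jump from baidu.com to www.baidu.com.
As you can see, Baidu cleverly uses the meta refresh to jump from baidu.com to www.baidu.com. So we can likewise write an index.html under the document root of the http://test.com virtual host whose content is the jump from http to https.
Configure www.b.com to verify this
server {
    listen 80;
    server_name www.b.com; # domain name
    root /usr/share/nginx/html/b; # site directory
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    # ... remaining directives as in the www.b.com server block above ...
}
Edit the home page to use the refresh redirect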
[aaa@qq.com nginx]# cd /usr/share/nginx/html/b
[aaa@qq.com b]# ls
index.html
[aaa@qq.com b]# cat index.html # the modified home page
<html>
<meta http-equiv="refresh" content="0;url=https://www.c.com/">
</html>
[aaa@qq.com b]#
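Verify on a Windows machine
Edit the hosts file under C:\Windows\System32\drivers\etc
Use ping to verify that the IP for the domain name was changed successfully
Access it in the browser
Click to visit
nginx status
location /nginx_status {
    stub_status on;
    access_log off;
}
Connect to nginx to view the status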
curl http://192.168.0.51/nginx_status
Active connections: 11921
server accepts handled requests
11989 11989 11991
Reading: 0 Writing: 7 Waiting: 42
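nginx status fields explained
active connections: the number of active connections
server accepts handled requests: a total of 11989 connections were accepted, 11989 handshakes were successfully created, and a total of 11991 requests were handled
reading: the number of connections on which nginx is reading from the client.
writing: the number of connections on which response data is being written to the client
waiting: with keep-alive enabled, this value equals active - (reading + writing), i.e. the resident connections that nginx has finished processing and that are waiting for the next request.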
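Reading these counters from a script, as an added example that is not part of the original post. The sample response is constructed (its numbers are chosen so that Waiting = Active - (Reading + Writing) holds) and the function name stub_status_summary is hypothetical.

```shell
#!/bin/sh
# Constructed stub_status response.
STATUS_SAMPLE='Active connections: 50
server accepts handled requests
 12000 11989 35967
Reading: 1 Writing: 7 Waiting: 42'

# stub_status_summary (hypothetical helper): reads a stub_status page on
# stdin and prints "dropped=<n> req_per_conn=<x.xx> waiting_ok=<yes|no>".
#   dropped      accepts - handled: connections that were accepted but not
#                handled, e.g. because worker_connections was exhausted
#   req_per_conn requests / handled: how much keep-alive reuse there is
#   waiting_ok   whether Waiting = Active - (Reading + Writing)
stub_status_summary() {
    awk '
        /^Active connections:/ { active = $3 + 0 }
        # The counter line is the one made of exactly three integers.
        NF == 3 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            accepts = $1 + 0; handled = $2 + 0; requests = $3 + 0; seen = 1
        }
        /^Reading:/ { reading = $2 + 0; writing = $4 + 0; waiting = $6 + 0 }
        END {
            # Incomplete page or no handled connections: nothing to report.
            if (!seen || handled == 0) exit 1
            ok = (waiting == active - (reading + writing)) ? "yes" : "no"
            printf "dropped=%d req_per_conn=%.2f waiting_ok=%s\n",
                   accepts - handled, requests / handled, ok
        }'
}

printf '%s\n' "$STATUS_SAMPLE" | stub_status_summary
```

A dropped count that keeps growing between polls is the signal to revisit worker_connections and the load-test results.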