nginx

定义

• 是一款高性能的http 和反向代理的web服务器。同时也提供了IMAP/POP/SMTP服务
• 其特点是占用内存省，并发能力强。
• 是一款安装非常简单，配置文件简洁，bug非常少的服务。
• nginx代码完全用C语言从头写成，支撑5万个并发连接响应。

代理

• 正向代理代理客户端
• 反向代理代理客户端

三大功能

• 反向代理
• 负载均衡
• 动静分离

安装

windows安装

windows安装包下载

linux安装

• 使用方法为源代码安装

1. 下载安装包https://nginx.org/download/nginx-1.22.0.tar.gz
2. 解压tar -zxvf nginx-1.22.0.tar.gz
3. 源代码安装 cd nginx-1.22.0;./configure;make;make install
4. 验证 whereis nginx

• yum安装

1. 安装gcc yum -y install gcc gcc-c++
2. PCRE pcre-devel 库安装
   yum -y install pcre pcre-devel
3. zlib 安装 yum -y install zlib
4. openssl安装 yum -y install open penssl-devel
5. nginx 安装 yum -y install nginx

常用命令

cd /usr/local/nginx/bin
./nginx                             #启动
./nginx -s stop                  #停止
./nginx -s quit                  #安全退出
./nginx -s reload                 #重新加载配置文件

应用实战，配置文件分析

[root@gd-gz-zs-idc-test2 conf]# cat nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    
   upstream backend {  # 反向代理 upstream
    server 183.232.148.219  weight=5;
    server 120.237.198.187 weight=3;
}
    server {  # 第一个web网页，默认端口号80
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    
    }

    server {   # 第二个web网页，端口号81
        listen       81;
        server_name  localhost;
        location / {
            root   html;
            index  index2.html index2.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    
    }
    server {   #反向代理 ，端口号82
        listen       82;
        location / {
            proxy_pass http://backend; 
    }
    }
}

NGINX案例

web 网页案例

1. 创建目录 ,及网页内容
mkdir -p /var/www/example.com/html

cat > /var/www/example.com/html/index.html << eof
<!DOCTYPE html>
<html>
<head>
    <title>Welcome to Example.com!</title>
</head>
<body>
    <h1>Hello, World! This is the homepage of example.com.</h1>
</body>
</html>
eof


2. 配置nginx主机  
cat >  /etc/nginx/sites-available/example.com << eof
server {
    listen 80;
    server_name example.com www.example.com;

    root /var/www/example.com/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}
eof

3. 使用以下命令，将新创建的虚拟主机配置文件链接到 sites-enabled 目录：
 ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

4. 将默认目录删除（可选）
rm /etc/nginx/sites-enabled/default
5. 重启nginx
systemctl reload nginx

上述案例中启用https:

自签证书

1. 登陆自建证书目录 
 mkdir -p /etc/nginx/ssl/
2. 生成文件，后面会有一堆提示，按实际情况填写就ok

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx-selfsigned.key -out /etc/nginx/ssl/nginx-selfsigned.crt

在此过程中，您会被询问一些问题（如国家、公司名称等）。域名部分可以留空或填入IP地址。
3. 修改https 网而配置文件 
cat >  /etc/nginx/sites-available/example.com 
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
    root /var/www/example.com/html;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}

使用certbot

1. 安装 cerbot 
yum install -y epel-release
yum install -y certbot python2-certbot-nginx
2. 生成证书 
方法1
certbot certonly --nginx -d www.example.com


或者使用 
方法二
certbot --nginx -d example.com -d www.example.com

Certbot 会自动修改你的 Nginx 配置文件，并启用 HTTPS。你的网站现在可以通过 HTTPS 安全访问

3. 最终nginx 配置文件的内容为

cat /etc/nginx/sites-available/example.com 
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;  # 强制 HTTP 重定向到 HTTPS
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    root /var/www/example.com/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

4. 重启访问 
systemctl restart nginx 

反向代理配置文件

cat /etc/nginx/conf.d/esxi.conf
server {
    listen 80;
    server_name 103.227.80.165;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name 103.227.80.165;

    ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;

    location / {
        proxy_pass https://103.235.238.125;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_server_name on;
    }
}