Nginx 入门教程
Nginx 是一款面向性能设计的 HTTP 服务器,能反向代理 HTTP,HTTPS 和邮件相关(SMTP,POP3,IMAP)的协议链接。并且提供了负载均衡以及 HTTP 缓存。它的设计充分使用异步事件模型,削减上下文调度的开销,提高服务器并发能力。采用了模块化设计,提供了丰富模块的第三方模块。
所以关于 Nginx,有这些标签:「异步」「事件」「模块化 」「高性能」「高并发」「反向代理」「负载均衡」
Linux系统:
Centos 7 x64
Nginx版本:1.11.5
prce(重定向支持)和openssl(https支持,如果不需要https可以不安装。)
yum install -y pcre-devel
yum -y install gcc make gcc-c++ wget
yum -y install openssl openssl-devel
CentOS 6.5 我安装的时候是选择的“基本服务器”,默认这两个包都没安装全,所以这两个都运行安装即可。
wget http://nginx.org/download/nginx-1.13.3.tar.gz
wget http://nginx.org/download/nginx-1.13.7.tar.gz
# 如果没有安装wget
# 下载已编译版本
$ yum install wget
# 解压压缩包
tar zxf nginx-1.13.3.tar.gz
cd nginx-1.11.5
./configure
....
Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
安装报错误的话比如:“C compiler cc is not found”,这个就是缺少编译环境,安装一下就可以了 yum -y install gcc make gcc-c++ openssl-devel
如果没有error信息,就可以执行下边的安装了:
make
make install
运行下面命令会出现两个结果,一般情况nginx会安装在
/usr/local/nginx
目录中cd /usr/local/nginx/sbin/
./nginx -t
# nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
# nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
vi ~/.bash_profile
将下面内容添加到
~/.bash_profile
文件中PATH=$PATH:$HOME/bin:/usr/local/nginx/sbin/
export PATH
运行命令
source ~/.bash_profile
让配置立即生 效。你就可以全局运行 nginx
命令了。brew install nginx
# Updating Homebrew...
# ==> Auto-updated Homebrew!
# Updated 2 taps (homebrew/core, homebrew/cask).
# ==> Updated Formulae
# ==> Installing dependencies for nginx: openssl, pcre
# ==> Installing nginx dependency: openssl
# ==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2o_1.high_sierra.bottle.tar.gz
# ######################################################################## 100.0%
# ==> Pouring openssl-1.0.2o_1.high_sierra.bottle.tar.gz
# ==> Caveats
# A CA file has been bootstrapped using certificates from the SystemRoots
# keychain. To add additional certificates (e.g. the certificates added in
# the System keychain), place .pem files in
# /usr/local/etc/openssl/certs
#
# and run
# /usr/local/opt/openssl/bin/c_rehash
#
# This formula is keg-only, which means it was not symlinked into /usr/local,
# because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
#
# If you need to have this software first in your PATH run:
# echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.zshrc
#
# For compilers to find this software you may need to set:
# LDFLAGS: -L/usr/local/opt/openssl/lib
# CPPFLAGS: -I/usr/local/opt/openssl/include
# For pkg-config to find this software you may need to set:
# PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig
#
# ==> Summary
# 🍺 /usr/local/Cellar/openssl/1.0.2o_1: 1,791 files, 12.3MB
# ==> Installing nginx dependency: pcre
# ==> Downloading https://homebrew.bintray.com/bottles/pcre-8.42.high_sierra.bottle.tar.gz
# ######################################################################## 100.0%
# ==> Pouring pcre-8.42.high_sierra.bottle.tar.gz
# 🍺 /usr/local/Cellar/pcre/8.42: 204 files, 5.3MB
# ==> Installing nginx
# ==> Downloading https://homebrew.bintray.com/bottles/nginx-1.13.12.high_sierra.bottle.tar.gz
# ######################################################################## 100.0%
# ==> Pouring nginx-1.13.12.high_sierra.bottle.tar.gz
# ==> Caveats
# Docroot is: /usr/local/var/www
#
# The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
# nginx can run without sudo.
#
# nginx will load all files in /usr/local/etc/nginx/servers/.
#
# To have launchd start nginx now and restart at login:
# brew services start nginx
# Or, if you don't wacd /usr/local/Cellar/nginx/1.13.12/n just run:
# cd /usr/local/Cellar/nginx/1.13.12/
注意默认端口不是
8080
查看确认端口是否被占用。brew services start nginx
# http://localhost:8080/
开机自启动方法一:
编辑 vi /lib/systemd/system/nginx.service 文件,没有创建一个 touch nginx.service 然后将如下内容根据具体情况进行修改后,添加到nginx.service文件中:
[Unit]
Description=nginx
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[Unit]
:服务的说明Description
:描述服务After
:描述服务类别[Service]
服务运行参数的设置Type=forking
是后台运行的形式ExecStart
为服务的具体运行命令ExecReload
为重启命令ExecStop
为停止命令PrivateTmp=True
表示给服务分配独立的临时空间
注意:
[Service]
的启动、重启、停止命令全部要求使用绝对路径。[Install]
运行级别下服务安装的相关设置,可设置为多用户,即系统运行级别为3
。保存退出。
设置开机启动,使配置生效:
# 启动nginx服务
systemctl start nginx.service
# 停止开机自启动
systemctl disable nginx.service
# 查看服务当前状态
systemctl status nginx.service
# 查看所有已启动的服务
systemctl list-units --type=service
# 重新启动服务
systemctl restart nginx.service
# 设置开机自启动
systemctl enable nginx.service
# 输出下面内容表示成功了
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
systemctl is-enabled servicename.service # 查询服务是否开机启动
systemctl enable *.service # 开机运行服务
systemctl disable *.service # 取消开机运行
systemctl start *.service # 启动服务
systemctl stop *.service # 停止服务
systemctl restart *.service # 重启服务
systemctl reload *.service # 重新加载服务配置文件
systemctl status *.service # 查询服务运行状态
systemctl --failed # 显示启动失败的服务
注:*代表某个服务的名字,如http的服务名为httpd
开机自启动方法二:
vi /etc/rc.local
# 在 rc.local 文件中,添加下面这条命令
/usr/local/nginx/sbin/nginx start
如果开机后发现自启动脚 本没有执行,你要去确认一下rc.local这个文件的访问权限是否是可执行的,因为rc.local默认是不可执行的。修改rc.local访问权限,增加可执行权限:
# /etc/rc.local是/etc/rc.d/rc.local的软连接,
chmod +x /etc/rc.d/rc.local
# 启动
/usr/local/nginx/sbin/nginx
# 重启
/usr/local/nginx/sbin/nginx -s reload
# 关闭进程
/usr/local/nginx/sbin/nginx -s stop
# 平滑关闭nginx
/usr/local/nginx/sbin/nginx -s quit
# 查看nginx的安装状态,
/usr/local/nginx/sbin/nginx -V
关闭防火墙,或者添加防火墙规则就可以测试了
service iptables stop
或者编辑配置文件:
vi /etc/sysconfig/iptables
添加这样一条开放80端口的规则后保存:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
重启服务即可:
service iptables restart
# 命令进行查看目前nat
iptables -t nat -L
service iptables restart
# Redirecting to /bin/systemctl restart iptables.service
# Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory.
在CentOS 7或RHEL 7或Fedora中防火墙由 firewalld 来管理,当然你可以还原传统的管理方式。或则使用新的命令进行管理。 假如采用传统请执行一下命令:
# 传统命令
systemctl stop firewalld
systemctl mask firewalld
# 安装命令
yum install iptables-services
systemctl enable iptables
service iptables restart
如果通过yum安装,使用下面命令安装。
yum remove nginx
编译安装,删除/usr/local/nginx目录即可 如果配置了自启动脚本,也需要删除。
参数 | 说明 |
--prefix= <path> | Nginx安装路径。如果没有指定,默认为 /usr/local/nginx。 |
--sbin-path= <path> | Nginx可执行文件安装路径。只能安装时指定,如果没有指定,默认为 <prefix> /sbin/nginx。 |
--conf-path= <path> | 在没有给定-c选项下默认的nginx.conf的路径。如果没有指定,默认为 <prefix> /conf/nginx.conf。 |
--pid-path= <path> | 在nginx.conf中没有指定pid指令的情况下,默认的nginx.pid的路径。如果没有 指定,默认为 <prefix> /logs/nginx.pid。 |
--lock-path= <path> | nginx.lock文件的路径。 |
--error-log-path= <path> | 在nginx.conf中没有指定error_log指令的情况下,默认的错误日志的路径。如果没有指定,默认为 <prefix> /- logs/error.log。 |
--http-log-path= <path> | 在nginx.conf中没有指定access_log指令的情况下,默认的访问日志的路径。如果没有指定,默认为 <prefix> /- logs/access.log。 |
--user= <user> | 在nginx.conf中没有指定user指令的情况下,默认的nginx使用的用户。如果没有指定,默认为 nobody。 |
--group= <group> | 在nginx.conf中没有指定user指令的情况下,默认的nginx使用的组。如果没有指定,默认为 nobody。 |
--builddir=DIR | 指定编译的目录 |
--with-rtsig_module | 启用 rtsig 模块 |
--with-select_module --without-select_module | 允许或不允许开启SELECT模式,如果 configure 没有找到更合适的模式,比如:kqueue(sun os),epoll (linux kenel 2.6+), rtsig(- 实时信号)或者/dev/poll(一种类似select的模式,底层实现与SELECT基本相 同,都是采用轮训方法) SELECT模式将是默认安装模式 |
--with-poll_module --without-poll_module | Whether or not to enable the poll module. This module is enabled by, default if a more suitable method such as kqueue, epoll, rtsig or /dev/poll is not discovered by configure. |
--with-http_ssl_module | Enable ngx_http_ssl_module. Enables SSL support and the ability to handle HTTPS requests. Requires OpenSSL. On Debian, this is libssl-dev. 开启HTTP SSL模块,使NGINX可以支持HTTPS请求。这个模块需要已经安装了OPENSSL,在DEBIAN上是libssl |
--with-http_realip_module | 启用 ngx_http_realip_module |
--with-http_addition_module | 启用 ngx_http_addition_module |
--with-http_sub_module | 启用 ngx_http_sub_module |
--with-http_dav_module | 启用 ngx_http_dav_module |
--with-http_flv_module | 启用 ngx_http_flv_module |
--with-http_stub_status_module | 启用 "server status" 页 |
--without-http_charset_module | 禁用 ngx_http_charset_module |
--without-http_gzip_module | 禁用 ngx_http_gzip_module. 如果启用,需要 zlib 。 |
--without-http_ssi_module | 禁用 ngx_http_ssi_module |
--without-http_userid_module | 禁用 ngx_http_userid_module |
--without-http_access_module | 禁用 ngx_http_access_module |
--without-http_auth_basic_module | 禁用 ngx_http_auth_basic_module |
--without-http_autoindex_module | 禁用 ngx_http_autoindex_module |
--without-http_geo_module | 禁用 ngx_http_geo_module |
--without-http_map_module | 禁用 ngx_http_map_module |
--without-http_referer_module | 禁用 ngx_http_referer_module |
--without-http_rewrite_module | 禁用 ngx_http_rewrite_module. 如果启用需要 PCRE 。 |
--without-http_proxy_module | 禁用 ngx_http_proxy_module |
--without-http_fastcgi_module | 禁用 ngx_http_fastcgi_module |
--without-http_memcached_module | 禁用 ngx_http_memcached_module |
--without-http_limit_zone_module | 禁用 ngx_http_limit_zone_module |
--without-http_empty_gif_module | 禁用 ngx_http_empty_gif_module |
--without-http_browser_module | 禁用 ngx_http_browser_module |
--without-http_upstream_ip_hash_module | 禁用 ngx_http_upstream_ip_hash_module |
--with-http_perl_module | 启用 ngx_http_perl_module |
--with-perl_modules_path=PATH | 指定 perl 模块的路径 |
--with-perl=PATH | 指定 perl 执行文件的路径 |
--http-log-path=PATH | Set path to the http access log |
--http-client-body-temp-path=PATH | Set path to the http client request body temporary files |
--http-proxy-temp-path=PATH | Set path to the http proxy temporary files |
--http-fastcgi-temp-path=PATH | Set path to the http fastcgi temporary files |
--without-http | 禁用 HTTP server |
--with-mail | 启用 IMAP4/POP3/SMTP 代理模块 |
--with-mail_ssl_module | 启用 ngx_mail_ssl_module |
--with-cc=PATH | 指定 C 编译器的路径 |
--with-cpp=PATH | 指定 C 预处理器的路径 |
--with-cc-opt=OPTIONS | Additional parameters which will be added to the variable CFLAGS. With the use of the system library PCRE in FreeBSD, it is necessary to indicate --with-cc-opt="-I /usr/local/include". If we are using select() and it is necessary to increase the number of file descriptors, then this also can be assigned here: --with-cc-opt="-D FD_SETSIZE=2048". |
--with-ld-opt=OPTIONS | Additional parameters passed to the linker. With the use of the system library PCRE in - FreeBSD, it is necessary to indicate --with-ld-opt="-L /usr/local/lib". |
--with-cpu-opt=CPU |