实践Nginx

Nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server.

安装

RedHat

1 2 3 4

# 配置 $ ./configure --prefix=/home/eht/software/nginx --with-openssl=../openssl-1.0.2o --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.11 --with-stream # 编译并安装 $ make & make install

也可以先安装相关依赖，然后再安装nginx

1 2 3 4 5 6

# 安装依赖 $ sudo yum install -y openssl-devel pcre-devel zlib-devel # 配置 $ ./configure --prefix=/home/eht/software/nginx --with-http_ssl_module --with-pcre --with-stream # 编译并安装 $ make & make install

Debian

Deepin 15.11 64 bit

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90

$ sudo apt install nginx [sudo] password for ray: Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-subs-filter libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream nginx-common nginx-full Suggested packages: fcgiwrap nginx-doc The following NEW packages will be installed: libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-subs-filter libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream nginx nginx-common nginx-full 0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded. Need to get 1,588 kB of archives. After this operation, 2,865 kB of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://packages.deepin.com/deepin lion/main amd64 nginx-common all 1.10.3-1+deb9u2 [105 kB] Get:2 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-auth-pam amd64 1.10.3-1+deb9u2 [86.1 kB] Get:3 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-dav-ext amd64 1.10.3-1+deb9u2 [87.8 kB] Get:4 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-echo amd64 1.10.3-1+deb9u2 [97.1 kB] Get:5 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-geoip amd64 1.10.3-1+deb9u2 [87.2 kB] Get:6 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-image-filter amd64 1.10.3-1+deb9u2 [90.2 kB] Get:7 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-subs-filter amd64 1.10.3-1+deb9u2 [89.1 kB] Get:8 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-upstream-fair amd64 1.10.3-1+deb9u2 [89.3 kB] Get:9 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-http-xslt-filter amd64 1.10.3-1+deb9u2 [89.1 kB] Get:10 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-mail amd64 1.10.3-1+deb9u2 [117 kB] Get:11 http://packages.deepin.com/deepin lion/main amd64 libnginx-mod-stream amd64 1.10.3-1+deb9u2 [110 kB] Get:12 http://packages.deepin.com/deepin lion/main amd64 nginx-full amd64 1.10.3-1+deb9u2 [459 kB] Get:13 http://packages.deepin.com/deepin lion/main amd64 nginx all 1.10.3-1+deb9u2 [81.8 kB] Fetched 1,588 kB in 6s (249 kB/s) Preconfiguring packages ... Selecting previously unselected package nginx-common. (Reading database ... 213639 files and directories currently installed.) Preparing to unpack .../00-nginx-common_1.10.3-1+deb9u2_all.deb ... Unpacking nginx-common (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-auth-pam. Preparing to unpack .../01-libnginx-mod-http-auth-pam_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-auth-pam (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-dav-ext. Preparing to unpack .../02-libnginx-mod-http-dav-ext_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-dav-ext (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-echo. Preparing to unpack .../03-libnginx-mod-http-echo_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-echo (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-geoip. Preparing to unpack .../04-libnginx-mod-http-geoip_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-geoip (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-image-filter. Preparing to unpack .../05-libnginx-mod-http-image-filter_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-image-filter (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-subs-filter. Preparing to unpack .../06-libnginx-mod-http-subs-filter_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-subs-filter (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-upstream-fair. Preparing to unpack .../07-libnginx-mod-http-upstream-fair_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-upstream-fair (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-http-xslt-filter. Preparing to unpack .../08-libnginx-mod-http-xslt-filter_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-http-xslt-filter (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-mail. Preparing to unpack .../09-libnginx-mod-mail_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-mail (1.10.3-1+deb9u2) ... Selecting previously unselected package libnginx-mod-stream. Preparing to unpack .../10-libnginx-mod-stream_1.10.3-1+deb9u2_amd64.deb ... Unpacking libnginx-mod-stream (1.10.3-1+deb9u2) ... Selecting previously unselected package nginx-full. Preparing to unpack .../11-nginx-full_1.10.3-1+deb9u2_amd64.deb ... Unpacking nginx-full (1.10.3-1+deb9u2) ... Selecting previously unselected package nginx. Preparing to unpack .../12-nginx_1.10.3-1+deb9u2_all.deb ... Unpacking nginx (1.10.3-1+deb9u2) ... Setting up nginx-common (1.10.3-1+deb9u2) ... Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service. Setting up libnginx-mod-http-image-filter (1.10.3-1+deb9u2) ... Setting up libnginx-mod-http-subs-filter (1.10.3-1+deb9u2) ... Processing triggers for systemd (232-25+deb9u6) ... Setting up libnginx-mod-http-auth-pam (1.10.3-1+deb9u2) ... Setting up libnginx-mod-http-dav-ext (1.10.3-1+deb9u2) ... Setting up libnginx-mod-mail (1.10.3-1+deb9u2) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up libnginx-mod-http-xslt-filter (1.10.3-1+deb9u2) ... Setting up libnginx-mod-http-upstream-fair (1.10.3-1+deb9u2) ... Setting up libnginx-mod-http-geoip (1.10.3-1+deb9u2) ... Setting up libnginx-mod-stream (1.10.3-1+deb9u2) ... Setting up libnginx-mod-http-echo (1.10.3-1+deb9u2) ... Setting up nginx-full (1.10.3-1+deb9u2) ... Setting up nginx (1.10.3-1+deb9u2) ...

命令

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

$ nginx -h nginx version: nginx/1.13.3 Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives] Options: -?,-h : this help -v : show version and exit -V : show version and configure options then exit -t : test configuration and exit -T : test configuration, dump it and exit -q : suppress non-error messages during configuration testing -s signal : send signal to a master process: stop, quit, reopen, reload -p prefix : set prefix path (default: /usr/share/nginx/) -c filename : set configuration file (default: /etc/nginx/nginx.conf) -g directives : set global directives out of configuration file

启动

1

$ nginx

reload

不中断当前服务的情况下，优雅的重新加载配置并生效。

1	$ nginx -s reload

quit

优雅停机

stop

快速停机

reopen

新打开日志文件

当日志文件很大了，先移走原日志文件，此时日志依然在向里面写入，然后reopen新开一个日志文件。

比如：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

$ ll logs/ total 137364 -rw-r--r-- 1 app apps 131416113 Jan 12 17:02 access.log -rw-r--r-- 1 app apps 852473 Jan 12 17:00 error.log # 移走原日志文件 $ mv logs/access.log logs/access.log.202201121704 $ ll logs/ total 137364 -rw-r--r-- 1 app apps 131416113 Jan 12 17:02 access.log.202201121704 -rw-r--r-- 1 app apps 852473 Jan 12 17:00 error.log # reopen $ sbin/nginx -s reopen $ ll logs/ total 129196 -rw-r--r-- 1 app apps 2182 Jan 12 17:05 access.log -rw-r--r-- 1 app apps 131416113 Jan 12 17:02 access.log.202201121704 -rw-r--r-- 1 app apps 853031 Jan 12 17:05 error.log

user

Defines user and group credentials used by worker processes.

1	user app apps;

非root用户启动会报如下警告，这是因为1024以下端口只有root才有权限，如果端口1024以上，则可忽略此警告。

1	nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /app/nginx/conf/nginx.conf:1

work_processes

nginx has one master process and several worker processes.

The main purpose of the master process is to read and evaluate configuration, and maintain worker processes.

Worker processes do actual processing of requests.

日志

log_format

1 2 3

log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';

access_log

格式：access_log path [format] [gzip=level] [buffer=size] [flush=time]

1 2 3 4

# 关闭日志 access_log off; # 配置日志 access_log logs/access.log main;

error_log

1 2	error_log logs/error.log info; error_log logs/error.log;

虚拟主机

基于端口、ip或域名构建一个主机服务。nginx中server代表一个虚拟主机。

基于端口

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

server { listen 80; server_name localhost; localtion / { root html; index index.html index.htm; } } server { listen 8080; server_name localhost; localtion / { root html; index index.html index.htm; } }

基于IP

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

server { listen 80; server_name 192.168.1.2; localtion / { root html/2; index index.html index.htm; } } server { listen 80; server_name 192.168.1.3; localtion / { root html/3; index index.html index.htm; } }

基于域名

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

server { listen 80; server_name abc.com; localtion / { root html/abc; index index.html index.htm; } } server { listen 80; server_name cde.com; localtion / { root html/cde; index index.html index.htm; } }

server_name支持通配符（*）和正则表达式，优先级为精准匹配>以通配符开始的匹配>以通配符结束的匹配>正则匹配。例如：

1 2 3

server_name *.abc.com; server_name abc.*; server_name ~^(?.+)\.domain\.com$;

default_server

目录列表

当index指令对应的文件不存在时，默认报错403 Forbidden，可以开启目录列表支持。

1 2 3 4

autoindex on; # 是否 autoindex_exact_size off; autoindex_localtime on;

http反向代理

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

http{ server{ listen 8008; server_name localhost; location ^~ /eas-tx/ { proxy_pass http://10.254.167.2:8081; } location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

http{ upstream app{ server 192.168.1.2:8081; server 192.168.1.3:8081; } server{ listen 8008; server_name localhost; location ^~ /eas-tx/ { proxy_pass http://app; } location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }

socket/ftp等反向代理

1 2 3 4 5 6 7 8 9

stream{ upstream abc{ server 172.18.8.196:11911; } server{ listen 11911; proxy_pass abc; } }

load balance

round_robin

轮训，默认

ip_hash

1 2 3 4 5

upstream cas{ ip_hash; server 192.168.1.191:8089; server 192.168.1.241:8089; }

least_conn

1 2 3 4 5

upstream cas{ least_conn; server 192.168.1.191:8089; server 192.168.1.241:8089; }

weight

1 2 3 4

upstream cas{ server 192.168.1.191:8089 weight=2; server 192.168.1.241:8089; }

proxy_pass

语法规则：proxy_pass URL

当URL中不含URI时，比如：http://192.168.78:8080，Nginx服务器不会改变原有地址的URI。

当URL中含有URI（port后面的/也是uri）时，比如：http://192.168.78:8080/和http://192.168.78:8080/index，Nginx服务器会使用proxy_pass中的URI替换原地址URI中的location部分，比如：访问http://192.168.1.1/proxy/test.html时，

1 2 3 4

location /proxy/ { proxy_pass http://127.0.0.1; } # 代理到URL：http://127.0.0.1/proxy/test.html

1 2 3 4

location /proxy/ { proxy_pass http://127.0.0.1/aaa/; } # 代理到URL：http://127.0.0.1/aaa/test.html，proxy_pass中的/aaa/替换原地址URI中location部分/proxy/

1 2 3 4

location /proxy/ { proxy_pass http://127.0.0.1/aaa; } # 代理到URL：http://127.0.0.1/aaatest.html，/proxy/被替换为/aaa

1 2 3 4

location /proxy/ { proxy_pass http://127.0.0.1/; } # 代理到URL：http://127.0.0.1/test.html，/proxy/被替换为/

当location为正则匹配时，URL中不能包含uri

location

基于URI匹配，详情参见官方说明

语法规则：location [=|~|~*|^~] pattern { … }

=：精确匹配，比如= /、= /abc，优先级最高

^~：表示前缀普通匹配，优先级在正则匹配之前，一旦匹配成功，则不再去尝试正则匹配，比如：^~ /abcde/

~：表示区分大小写的正则匹配，比如：~ \.jps$

~*：表示不区分大小写的正则匹配，比如：~* \.jps$

uri：表示前缀普通匹配，优先级在正则匹配之后，比如：/,/abcde/，/abcde/abc/

/：通用匹配，如果没有其它匹配，任何请求都会匹配到

普通匹配与定义顺序无关，与长度有关，优先匹配更长的

正则匹配与定义顺序相关

子文件

1	include file|mask;

file表示文件，mask表示目录，可以使用通配符。

rewrite

rewrite用于重写或重定向。

1	rewrite regex replacement [flag]

flag取值：

参数值	说明
last	终止rewrite，继续匹配其他规则	用于重写
break	终止rewrite，不再继续匹配其他规则	用于重写
redirect	临时重定向，返回的HTTP状态码为302	用于重定向
permanent	永久重定向，返回的HTTP状态码为301	用于重定向

比如：

1	rewrite ^(.*)$ https://$host$1 permanent;

proxy_redirect

proxy_redirect http:// https://;

变量

$host

proxy_set_header Host $host; $host就是代理服务器，也就是客户端请求的host

$proxy_host

proxy_set_header Host $proxy_host; $proxy_host就是服务器自己

$proxy_port：代表服务器自己的服务端口

$remote_addr

$http_x_forwarded_for

$proxy_add_x_forwarded_for

$scheme

1	proxy_set_header X-Forwarded-Proto $scheme;

alias

1 2 3 4

# 小程序要求域名根目录存放校验文件 location = /afasdfdsafasdf.txt { alias /usr/local/nginx/html/afasdfdsafasdf.txt; }

Q&A

302

nginx配置

1 2 3 4 5 6 7 8 9

location / { proxy_pass http://localhost:8080; # 不能少 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; }

spring boot中新增配置

1 2 3 4

server.use-forward-headers=true server.tomcat.protocol_header=x-forwarded-proto server.tomcat.remote_ip_header=x-forwarded-for server.tomcat.port-header=X-Forwarded-Port

如果nginx的ip地址不在范围（10/8，192.168/16，169.254/16，127/8，172.16/12和0:0:0:0:0:0:0:1|::1），则需要而外配置，比如：

1	server.tomcat.internal-proxies=188\.0\.\d{1,3}\.\d{1,3}

SpringBoot+Nginx+Https下redirect问题

howto-use-tomcat-behind-a-proxy-server