編譯安裝nginx并軟連接
一件安裝nginx
編譯安裝nginx負(fù)載均衡
下載:
mkdir -p /server/tools
cd /server/tools
wget http://nginx.org/download/nginx-1.16.0.tar.gz
#安裝依賴嗜侮。
yum install pcre pcre-devel -y
yum install openssl openssl-devel -y #https加密用他等曼。
#編譯安裝步驟
tar xf nginx-1.16.0.tar.gz
cd nginx-1.16.0/
useradd -s /sbin/nologin www -M
id www
./configure --user=www --group=www --prefix=/application/nginx-1.16.0/ --with-http_stub_status_module --with-http_ssl_module --with-pcre
make
make install
ln -s /application/nginx-1.16.0/ /application/nginx
/application/nginx/sbin/nginx
netstat -lntup|grep nginx
一妙蔗、實(shí)踐基于域名的虛擬主機(jī)
1匪凡、配置基于域名的nginx.conf內(nèi)容
先使用grep命令過(guò)濾命令來(lái)生成基礎(chǔ)的Nginx主配置文件nginx.conf路媚,然后根據(jù)生成的初始配置文件進(jìn)行修改骡和,使他成為所需要的形式箍鼓,具體命令如下:
[root@web02 ~]# cd /application/nginx/conf/
[root@web02 /application/nginx/conf]# egrep -v "^$|#" nginx.conf.default >nginx.conf 《===過(guò)濾包含#號(hào)和空行生成新的文件nginx.conf
或者直接創(chuàng)建新的配置文件mginx.conf然后編輯崭参,輸入內(nèi)容如下:
[root@web02 /application/nginx/conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 80;
12 server_name www.etiantian.org;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 }
18 }
2、創(chuàng)建域名對(duì)應(yīng)的站點(diǎn)及文件
此處配置的是基于域名的虛擬主機(jī)款咖,創(chuàng)建對(duì)應(yīng)的站點(diǎn)目錄及文件何暮,命令如下:
[root@web02 /application/nginx/conf]# mkdir ../html/www 《==../表示上級(jí)目錄及/application/nginx
[root@web02 /application/nginx/conf]# echo "www.etiantian.org" >../html/www/index.html
[root@web02 /application/nginx/conf]# cat ../html/www/index.html
www.etiantian.org
上述命令是在/application/nginx/html下創(chuàng)建了一個(gè)www的站點(diǎn)目錄奄喂,并把“www.etiantian.org”重定向到index.html《==這里面是網(wǎng)頁(yè)顯示的內(nèi)容
3、檢查語(yǔ)法并重新加載
先檢查修改過(guò)的Nginx配置文件語(yǔ)法是否正確
[root@web02 /application/nginx/conf]# echo 'PATH="/application/nginx/sbin:$PATH"' >>/etc/profile
[root@web02 /application/nginx/conf]# . /etc/profile
[root@web02 /application/nginx/conf]# echo $PATH
/application/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]#
如果出現(xiàn)ok和succeed說(shuō)明語(yǔ)法正確
然后平滑重啟Nginx海洼,及重新加載配置文件
[root@web02 /application/nginx/conf]# nginx -s reload
最后測(cè)試域名站點(diǎn)配置的訪問(wèn)結(jié)果跨新。這里分為L(zhǎng)inux客戶端和windows客戶端。
下面是針對(duì)Linux客戶端的訪問(wèn):
[root@web02 /application/nginx/conf]# echo "10.0.0.8 www.etiantian.org" >>/etc/hosts
[root@web02 /application/nginx/conf]# tail -1 /etc/hosts
10.0.0.8 www.etiantian.org
[root@web02 /application/nginx/conf]# curl www.etiantian.org
www.etiantian.org
下面是針對(duì)Windows客戶端瀏覽器進(jìn)行訪問(wèn)贰军。
如果域名沒(méi)有解析玻蝌,可以在筆記本上編輯一個(gè)hosts文件,添加hosts解析記錄
windows客戶端hosts文件路徑是:C盤的system root\system32\dirves\etc\hosts
添加10.0.0.8 www.etiantian.org
配置好后在dos提示行檢查一下結(jié)果词疼,如下:
WINDOWS下測(cè)試:
C:\Windows\System32\drivers\etc\hosts
10.0.0.8 www.etiantian.org
ping www.etiantian.org返回10.0.0.8就是對(duì)的
4俯树、配置多個(gè)基于域名的虛擬主機(jī)
(1)增加新域名對(duì)應(yīng)的配置
在1、中已經(jīng)添加了一個(gè)www.etiantian.org虛擬主機(jī)的配置贰盗,再增加兩個(gè)虛擬主機(jī)的配置许饿。站點(diǎn)域名為bbs.etiantian.org、blog.etiantian.org增加的配置一定要在nginx.conf的http{ }區(qū)塊內(nèi)舵盈,最好放在www.etiantian.org虛擬主機(jī)配置的享下面增加的內(nèi)容如下:
[root@web02 /application/nginx/conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 80;
12 server_name www.etiantian.org;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 }
18 server {
19 listen 80;
20 server_name bbs.etiantian.org;
21 location / {
22 root html/bbs;
23 index index.html index.htm;
24 }
25 }
26 server {
27 listen 80;
28 server_name blog.etiantian.org;
▽ 29 location / {
30 root html/blog;
31 index index.html index.htm;
32 }
33 }
34 }
(2)創(chuàng)建新虛擬主機(jī)站點(diǎn)對(duì)應(yīng)的目錄及文件
創(chuàng)建上述兩個(gè)新增域名分別對(duì)應(yīng)的站點(diǎn)目錄及文件陋率,命令如下:
[root@web02 /application/nginx/conf]# mkdir ../html/{bbs,blog}
[root@web02 /application/nginx/conf]# echo "bbs.etiantian.org" >../html/bbs/index.html
[root@web02 /application/nginx/conf]# echo "blog.etiantian.org" >../html/blog/index.html
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]# cat ../html/blog/index.html
blog.etiantian.org
[root@web02 /application/nginx/conf]# cat ../html/bbs/index.html
bbs.etiantian.org
(3)重新加載Nginx配置
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]#
(4)在客戶端測(cè)試
同樣,這里分為L(zhǎng)inux客戶端和windows客戶端秽晚。
下面是針對(duì)Linux客戶端的訪問(wèn):
[root@web02 /application/nginx/conf]# tail -1 /etc/hosts
10.0.0.8 www.etiantian.org bbs.etiantian.org blog.etiantian.org
[root@web02 /application/nginx/conf]# curl www.etiantian.org
www.etiantian.org
[root@web02 /application/nginx/conf]# curl bbs.etiantian.org
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl blog.etiantian.org
blog.etiantian.org
下面是針對(duì)Windows客戶端瀏覽器進(jìn)行訪問(wèn)瓦糟。如下:
Windows下測(cè)試:
C:\Windows\System32\drivers\etc\hosts
10.0.0.8 www.etiantian.org bbs.etiantian.org blog.etiantian.org
如果配置完成后,以后為了排錯(cuò)和留著用赴蝇,可以做一個(gè)備份菩浙,命令如下:
[root@web02 /application/nginx/conf]# /bin/cp nginx.conf nginx.conf_BashName
二、基于端口虛擬主機(jī)實(shí)踐:
基于端口的虛擬主機(jī)配置實(shí)戰(zhàn)基于端口的虛擬主機(jī)在生產(chǎn)環(huán)境中不多見,僅偶爾會(huì)用到,一般為公司內(nèi)部人員提供訪問(wèn),如OA系統(tǒng)句伶、網(wǎng)站程序的后臺(tái)劲蜻、CMS發(fā)布后臺(tái)、MySQL的Web客戶端 phpmyadmin等,使用特殊端口多是從安全上考慮的考余。下面講下基于端口的虛擬主機(jī)相關(guān)配置部署先嬉。
1.配置虛擬主機(jī)監(jiān)聽的端口
如果要配置基于端口的虛擬主機(jī),就需要為每個(gè)虛擬主機(jī)配置不同的端口。這里以上述基于域名的3個(gè)虛擬主機(jī)為例進(jìn)行講解楚堤。首先,編輯nginx.conf主配置文件,然后把每個(gè)虛擬主機(jī)的“l(fā)isten 80;"這個(gè)配置行的80數(shù)字端口修改掉,內(nèi)容見下文,注意 server name域名位置可以不做任何變更,哪怕是相同域名也可以,因?yàn)?基于端口的虛擬主機(jī)就是通過(guò)端口來(lái)唯一區(qū)別不同的虛擬主機(jī)的,只要端口不同就是不同的虛擬主機(jī)疫蔓。
2.修改虛擬主機(jī)配置
經(jīng)過(guò)修改后,完整的基于端口的多個(gè)虛擬主機(jī)配置如下:
[root@web02 ~]# cd /application/nginx/conf/
[root@web02 /application/nginx/conf]# cp nginx.conf{,_BaseName}
[root@web02 /application/nginx/conf]# ls
fastcgi.conf index.html mime.types.default scgi_params win-utf
fastcgi.conf.default koi-utf nginx.conf scgi_params.default
fastcgi_params koi-win nginx.conf_BaseName uwsgi_params
fastcgi_params.default mime.types nginx.conf.default uwsgi_params.default
[root@web02 /application/nginx/conf]# vim nginx.conf
keepalive_timeout 65;
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
}
server {
listen 81;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
}
server {
listen 82;
server_name blog.etiantian.org;
location / {
root html/blog;
index index.html index.htm;
}
}
}
3、檢查語(yǔ)法重新加載匹配生效
[root@web02 /application/nginx/conf]# netstat -lntup|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14322/nginx: master
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]# netstat -lntup|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14322/nginx: master
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 14322/nginx: master
tcp 0 0 0.0.0.0:82 0.0.0.0:* LISTEN 14322/nginx: master
4身冬、測(cè)試不同端口訪問(wèn)結(jié)果鳄袍,如下:
[root@web02 /application/nginx/conf]# curl www.etiantian.org:80
www.etiantian.org
[root@web02 /application/nginx/conf]# curl bbs.etiantian.org:81
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl blog.etiantian.org:82
blog.etiantian.org
瀏覽到的內(nèi)容如果和URL地址欄里的域名部分一樣,就表示配置正確了。Nginx虛擬主機(jī)宜方幫助的網(wǎng)址為:
http://Nginx.org/en/docs/http/request_processing.html
三吏恭、基于IP的虛擬主機(jī)配置實(shí)戰(zhàn)
基于IP的虛擬主機(jī)在生產(chǎn)環(huán)境中的應(yīng)用更為少見,因此、本節(jié)的內(nèi)容讀者了解即可
1,在服務(wù)器網(wǎng)卡上增加多個(gè)IP
然要配置基于衛(wèi)P的虛擬主機(jī), i讓每個(gè)虛擬主機(jī)有不同的IP地址,此處以增加輔助IP的形式臨時(shí)在etho 正在聯(lián)網(wǎng)識(shí)別并翻譯...IP,命令如下:
[root@web02 ~]# ip addr add 10.0.0.9 dev eth0 label eth0:9
[root@web02 ~]# ip addr add 10.0.0.10 dev eth0 label eth0:10
檢查配置生效結(jié)果:
[root@web02 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.8 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:fe12:170c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:12:17:0c txqueuelen 1000 (Ethernet)
RX packets 21765 bytes 18029629 (17.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12171 bytes 1426129 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.9 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:12:17:0c txqueuelen 1000 (Ethernet)
eth0:10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.10 netmask 255.255.255.255 broadcast 0.0.0.0
2重罪、添加虛擬主機(jī)配置
基于IP的虛擬主機(jī)實(shí)際配置示例如下樱哼。這是一個(gè)端口和IP混合的虛擬主機(jī)示例,讀者可以自行修改,使其僅僅基于IP,即每個(gè)虛擬主機(jī)的server name字段都換成IP地址
[root@web02 /application/nginx/conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 10.0.0.8:80;
12 server_name www.etiantian.org;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 }
18 server {
19 listen 10.0.0.9:80;
20 server_name bbs.etiantian.org;
21 location / {
22 root html/bbs;
23 index index.html index.htm;
24 }
25 }
26 server {
27 listen 10.0.0.10:80;
28 server_name blog.etiantian.org;
29 location / {
30 root html/blog;
31 index index.html index.htm;
32 }
33 }
34 }
3哀九、檢查語(yǔ)法并平滑重啟
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]#
有時(shí)候特殊,必須關(guān)掉之后再開啟Nginx
[root@web02 /application/nginx/conf]# nginx -s stop
[root@web02 /application/nginx/conf]# nginx
[root@web02 /application/nginx/conf]# netstat -lntup|grep nginx
tcp 0 0 10.0.0.10:80 0.0.0.0:* LISTEN 14967/nginx: master
tcp 0 0 10.0.0.9:80 0.0.0.0:* LISTEN 14967/nginx: master
tcp 0 0 10.0.0.8:80 0.0.0.0:* LISTEN 14967/nginx: master
[root@web02 /application/nginx/conf]# curl 10.0.0.8
www.etiantian.org
[root@web02 /application/nginx/conf]# curl 10.0.0.9
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl 10.0.0.10
blog.etiantian.org
一:什么是惡意域名解析
一般情況下搅幅,要使域名能訪問(wèn)到網(wǎng)站需要兩步阅束,第一步,將域名解析到網(wǎng)站所在的主機(jī)茄唐,第二步息裸,在web服務(wù)器中將域名與相應(yīng)的網(wǎng)站綁定。但是沪编,如果通過(guò)主機(jī)IP能直接訪問(wèn)某網(wǎng)站呼盆,那么把域名解析到這個(gè)IP也將能訪問(wèn)到該網(wǎng)站,而無(wú)需在主機(jī)上綁定蚁廓,也就是說(shuō)任何人將任何域名解析到這個(gè)IP就能訪問(wèn)到這個(gè)網(wǎng)站访圃。
二:惡意域名解析的危害
可能您并不介意通過(guò)別人的域名訪問(wèn)到您的網(wǎng)站,但是如果這個(gè)域名是未備案域名呢相嵌?
假如那域名是不友善的域名腿时,比如曾經(jīng)指向非法網(wǎng)站,容易引發(fā)搜索引擎懲罰饭宾,連帶IP受到牽連批糟。即使域
沒(méi)什么問(wèn)題,但流量也會(huì)被劫持到別的域名看铆,從而遭到廣告聯(lián)盟的封殺徽鼎。
三;如何防止性湿,配置里第一個(gè)標(biāo)簽如下配置
server{
listen 80;
server_name _default;
return 500;
}
1纬傲、規(guī)范優(yōu)化Nginx配置文件
優(yōu)化nginx配置的實(shí)戰(zhàn)方案:
具體步驟如下:
[root@web02 /application/nginx/conf]# mkdir extra
[root@web02 /application/nginx/conf]# sed -n '10,17p' nginx.conf
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf]# sed -n '10,17p' nginx.conf >extra/01_www.conf
[root@web02 /application/nginx/conf]# sed -n '18,25p' nginx.conf
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf]# sed -n '18,25p' nginx.conf >extra/02_bbs.conf
[root@web02 /application/nginx/conf]# sed -n '26,33p' nginx.conf
server {
listen 80;
server_name blog.etiantian.org;
location / {
root html/blog;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf]# sed -n '26,33p' nginx.conf >extra/03_blog.conf
刪除nginx主配置文件10到33行的內(nèi)容,謹(jǐn)慎
(1)提前配置文件命令如下:
[root@web02 /application/nginx/conf]# sed -i '10,33d' nginx.conf
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
}
(2)執(zhí)行下面的插入命令
[root@web02 /application/nginx/conf]# sed -i '10 i include extra/01_www.conf;\ninclude extra/02_bbs.conf;\ninclude extra/03_blog.conf;' nginx.conf
[root@web02 /application/nginx/conf]#
上述sed命令是在nginx.conf配置文件中加入三行包含虛擬主機(jī)文件的配置
如下:
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/01_www.conf;
include extra/02_bbs.conf;
include extra/03_blog.conf;
}
(3)重新加載配置肤频,并測(cè)試
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
[root@web02 /application/nginx/conf]# curl www.etiantian.org
www.etiantian.org
[root@web02 /application/nginx/conf]# curl bbs.etiantian.org
bbs.etiantian.org
[root@web02 /application/nginx/conf]# curl blog.etiantian.org
blog.etiantian.org
優(yōu)化Nginx配置文件進(jìn)行網(wǎng)站訪問(wèn)叹括,一切正常!
通過(guò)主配置文件中加上include包含的配置宵荒,可以讓Nginx的配置更簡(jiǎn)單汁雷,修改的最終的配置內(nèi)容如下:
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/01_www.conf;
include extra/02_bbs.conf;
include extra/03_blog.conf;
}
[root@web02 /application/nginx/conf]# cd extra/
[root@web02 /application/nginx/conf/extra]# cat 01_www.conf
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf/extra]# cat 02_bbs.conf
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
}
[root@web02 /application/nginx/conf/extra]# cat 03_blog.conf
server {
listen 80;
server_name blog.etiantian.org;
location / {
root html/blog;
index index.html index.htm;
}
}
Nginx status介紹
檢查編譯安裝是是否安裝模塊
[root@web02 /application/nginx/conf]# nginx -v
nginx version: nginx/1.16.0
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]#
[root@web02 /application/nginx/conf]# nginx -V
nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/application/nginx-1.16.0/ --with-http_stub_status_module --with-http_ssl_module --with-pcre
1》增加狀態(tài)配置參數(shù)
stub_status on;
access_log off;
[root@web02 /application/nginx/conf]# cat extra/04_status.conf
#status
server{
listen 80;
server_name status.etiantian.org;
location / {
stub_status on;
access_log off;
}
}
[root@web02 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/01_www.conf;
include extra/02_bbs.conf;
include extra/03_blog.conf;
}
2》語(yǔ)法檢查
[root@web02 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.16.0//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0//conf/nginx.conf test is successful
[root@web02 /application/nginx/conf]# nginx -s reload
3》windows客戶端hosts解析
10.0.0.8 www.etiantian.org bbs.etiantian.org blog.etiantian.org status.etiantian.org
image.png
