nginx web服務
如何知道nginx是否安裝
使用rpm包或者yum安裝的方式
rpm -q nginx
yum list
編譯安裝nginx
[root@mysql-server ~]# find / -name nginx
yum install mlocate
updatedb
[root@mysql-server ~]# locate nginx
nginx.conf主配置文件詳解
user nginx; #啓動的時候使用哪個用戶啓動
worker_processes auto; #啓動工作進程的數量和cpu核心的數量一致,有多少個cpu核心,就啓動多少個工作進程
error_log /var/log/nginx/error.log; #web服務訪問出錯的信息記錄到錯誤日誌文件,還有服務啓動出錯的信息
pid /run/nginx.pid; #記錄nginx進程啓動後的pid號
include /usr/share/nginx/modules/*.conf; #加載其他的模塊的配置文件
events {
worker_connections 1024; #同時允許多少客戶端連接,這個值可以根據你的服務器的硬件資源進行調整,最好進行壓力測試,設置這個值
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';#日誌的格式
access_log /var/log/nginx/access.log main; #採用格式
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65; #開啓長連接
types_hash_max_size 2048;
include /etc/nginx/mime.types; #支持的文件類型
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf; #次要配置文件加載server配置就是真正提供web服務的配置
server {
listen 80 default_server; #ipv4的端口號
listen [::]:80 default_server; ##ipv6的端口號
server_name www.sanlelearning.com; #支持的域名是多少
root /usr/share/nginx/html; #網頁存放的路徑
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf; #其他配置文件加載
location / {
}
error_page 404 /404.html; #404錯誤的處理
location = /40x.html {
}
error_page 500 502 503 504 /50x.html; #50開頭的錯誤代碼處理
location = /50x.html {
}用戶啓動的效果
root用戶啓動的是管理進程
nginx用戶啓動的工作進程
[root@mysql-server ~]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 7964 root 6u IPv4 324977 0t0 TCP *:http (LISTEN)
nginx 7964 root 7u IPv6 324978 0t0 TCP *:http (LISTEN)
nginx 7965 nginx 6u IPv4 324977 0t0 TCP *:http (LISTEN)
nginx 7965 nginx 7u IPv6 324978 0t0 TCP *:http (LISTEN)
[root@mysql-server ~]#如何知道有幾顆cpu,每顆cpu裏有幾個核心?
- top 然後按數字1
cat /proc/cpuinfo
processor : 0 #第1顆cpu
core id : 0 #核的編號
cpu cores : 1 #第1顆cpu裏有一個核
web壓力測試軟件
ab -c 10 -n1000 http://192.168.0.51/index.html
ab –》安裝好httpd就有的壓力測試軟件 yum install httpd
-n requests Number of requests to perform
每個頁面請求的次數
-c concurrency Number of multiple requests to make at a time
同時訪問的客戶端的數量
總的數量= -n的值 * -c的值
[root@mysql-server modules]# ab -c 10 -n100000 http://192.168.0.51/index.html
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.0.51 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests
Server Software: nginx/1.12.2
Server Hostname: 192.168.0.51
Server Port: 80
Document Path: /index.html
Document Length: 3700 bytes
Concurrency Level: 10
Time taken for tests: 19.985 seconds
Complete requests: 100000
Failed requests: 0
Write errors: 0
Total transferred: 393400000 bytes
HTML transferred: 370000000 bytes
Requests per second: 5003.75 [#/sec] (mean) ###平均每秒的請求數
Time per request: 1.999 [ms] (mean) ###平均每個請求消耗的時間
Time per request: 0.200 [ms] (mean, across all concurrent requests)
Transfer rate: 19223.38 [Kbytes/sec] received ###傳輸速率
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.4 0 27
Processing: 0 2 1.3 1 55
Waiting: 0 1 1.2 1 55
Total: 1 2 1.4 2 56
Percentage of the requests served within a certain time (ms)
50% 2 ###50%的請求都在2ms內完成
66% 2
75% 2
80% 2
90% 3
95% 4
98% 5
99% 7
100% 56 (longest request)
[root@mysql-server modules]#
1、吞吐率(Requests per second):
服務器併發處理能力的量化描述,單位是reqs/s,指的是在某個併發用戶數下單位時間內處理的請求數。某個併發用戶數下單位時間內能處理的最大請求數,稱之爲最大吞吐率。
記住:吞吐率是基於併發用戶數的。這句話代表了兩個含義:
a、吞吐率和併發用戶數相關
b、不同的併發用戶數下,吞吐率一般是不同的
計算公式:總請求數/處理完成這些請求數所花費的時間,即
Request per second=Complete requests/Time taken for tests
必須要說明的是,這個數值表示當前機器的整體性能,值越大越好。
2、用戶平均請求等待時間(Time per request):
計算公式:處理完成所有請求數所花費的時間/(總請求數/併發用戶數),即:
Time per request=Time taken for tests/(Complete requests/Concurrency
Level)3、服務器平均請求等待時間(Time per request:across all concurrent requests):
計算公式:處理完成所有請求數所花費的時間/總請求數,即:
Time taken for/testsComplete requests
可以看到,它是吞吐率的倒數。
同時,它也等於用戶平均請求等待時間/併發用戶數,即
Time per request/Concurrency Level。
多server案例(虛擬主機)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.a.com;
root /usr/share/nginx/html/a; #a網站的路徑
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80 ;
server_name www.b.com; #b網站的域名
root /usr/share/nginx/html/b;#b網站的路徑
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
修改本機的/etc/hosts文件
[root@mysql-server nginx]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.51 www.a.com
192.168.0.51 www.b.com
[root@mysql-server nginx]#
測試訪問
[root@mysql-server nginx]# curl www.a.com
aaaaaaaaaaaaaaaa
[root@mysql-server nginx]# curl www.b.com
bbbbbbbbbbbbbbbbbbbbb
[root@mysql-server nginx]#
[root@mysql-server nginx]# curl 192.168.0.51 #默認的網站
aaaaaaaaaaaaaaaa
[root@mysql-server nginx]#
nginx可以python、php、java配合,需要在配置文件裏做動靜分離
nginx默認只支持靜態頁面—>.html
動態頁面需要交給其他的程序來處理
- .py —>python
- .php —>php的解釋器處理 fastcgi-php
- .jsp —>tomcat
nginx對https支持
https://blog.csdn.net/w410589502/article/details/72833283
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.c.com;
root /usr/share/nginx/html/c;
ssl_certificate "/usr/share/nginx/html/key/certreq.crt";
ssl_certificate_key "/usr/share/nginx/html/key/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
生成key和csr文件
[root@mysql-server nginx]# cd /usr/share/nginx/html/key/
生成私鑰
[root@mysql-server key]#openssl genrsa -out server.key 2048
生成csr文件
[root@mysql-server key]# openssl req -new -key server.key -out certreq.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hunan
Locality Name (eg, city) [Default City]:changsha
Organization Name (eg, company) [Default Company Ltd]:sanle
Organizational Unit Name (eg, section) []:sanchuang
Common Name (eg, your name or your server's hostname) []:cali
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@mysql-server key]# ls #查看文件
certreq.csr server.key
[root@mysql-server key]#
生成一個補丁文件certreq.crt
[root@mysql-server key]# openssl x509 -req -days 365 -in certreq.csr -signkey server.key -out certreq.crt
Signature ok
subject=/C=cn/ST=hunan/L=changsha/O=sanle/OU=sanchuang/CN=cali/[email protected]
Getting Private key
[root@mysql-server key]# ls
certreq.crt certreq.csr server.key
[root@mysql-server key]#
注:ssl_certificate 和 ssl_certificate_key 的路徑就是我們ssl證書申請的路徑
ssl_certificate證書其實是個公鑰,它會被髮送到連接服務器的每個客戶端,ssl_certificate_key私鑰是用來解密的,所以它的權限要得到保護但nginx的主進程能夠讀取。當然私鑰和證書可以放在一個證書文件中,這種方式也只有公鑰證書才發送到client。
ssl_session_timeout 客戶端可以重用會話緩存中ssl參數的過期時間,內網系統默認5分鐘太短了,可以設成30m即30分鐘甚至4h。
ssl_protocols指令用於啓動特定的加密協議,nginx在1.1.13和1.0.12版本後默認是ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2,TLSv1.1與TLSv1.2要確保OpenSSL >= 1.0.1 ,SSLv3 現在還有很多地方在用但有不少被攻擊的漏洞。
ssl_ciphers選擇加密套件,不同的瀏覽器所支持的套件(和順序)可能會不同。這裏指定的是OpenSSL庫能夠識別的寫法,你可以通過 openssl -v cipher ‘RC4:HIGH:!aNULL:!MD5’(後面是你所指定的套件加密算法) 來看所支持算法。
ssl_prefer_server_ciphers on設置協商加密算法時,優先使用我們服務端的加密套件,而不是客戶端瀏覽器的加密套件。
啓動nginx
[root@mysql-server nginx]# service nginx restart #重新啓動nginx服務
Redirecting to /bin/systemctl restart nginx.service
[root@mysql-server nginx]#
[root@mysql-server nginx]# lsof -i:443 #查看443端口
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 20559 root 8u IPv4 1064208 0t0 TCP *:https (LISTEN)
nginx 20559 root 9u IPv6 1064209 0t0 TCP *:https (LISTEN)
nginx 20560 nginx 8u IPv4 1064208 0t0 TCP *:https (LISTEN)
nginx 20560 nginx 9u IPv6 1064209 0t0 TCP *:https (LISTEN)
[root@mysql-server nginx]#
訪問驗證
linux裏訪問
[root@mysql-server key]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.51 www.a.com
192.168.0.51 www.c.com #添加域名解析
192.168.0.51 www.b.com
[root@mysql-server key]#
[root@mysql-server nginx]# curl -k https://www.c.com
cccccccccccccccccc
[root@mysql-server nginx]#
windows裏訪問
windows裏訪問,因爲證書是我們自己頒發的,所以瀏覽器不承認,需要購買權威機構的證書,就可以了。
訪問http協議給重定向到https端口
方法1:
因爲http的80是默認端口,監聽80端口可以讓http重定向到https端口上
server {
listen 80;
server_name www.c.com;
rewrite ^(.*)$ https://$server_name$1 permanent; #添加重定向配置
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.c.com;
root /usr/share/nginx/html/c;
方法2
index.html刷新網頁
思路
上述兩種方法均會耗費服務器的資源,我們用curl訪問baidu.com試一下,看百度的公司是如何實現baidu.com向www.baidu.com的跳轉
可以看到百度很巧妙的利用meta的刷新作用,將baidu.com跳轉到www.baidu.com.因此我們可以基於http://test.com的虛擬主機路徑下也寫一個index.html,內容就是http向https的跳轉
配置www.b.com驗證
server {
listen 80 ;
server_name www.b.com; #域名
root /usr/share/nginx/html/b; #網站目錄
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
去首頁裏修改,使用刷新跳轉功能
[root@mysql-server nginx]# cd /usr/share/nginx/html/b
[root@mysql-server b]# ls
index.html
[root@mysql-server b]# cat index.html #修改首頁
<html>
<meta http-equiv="refresh" content="0;url=https://www.c.com/">
</html>
[root@mysql-server b]#
在windows機器上驗證
修改C:\Windows\System32\drivers\etc下的hosts文件
ping驗證域名對應的ip是否修改成功
在瀏覽器裏訪問
點擊訪問
nginx的狀態
location /nginx_status {
stub_status on;
access_log off;
}
連接nginx查看狀態
curl http://192.168.0.51/nginx_status
Active connections: 11921
server accepts handled requests
11989 11989 11991
Reading: 0 Writing: 7 Waiting: 42
nginx status詳解
active connections – 活躍的連接數量
server accepts handled requests — 總共處理了11989個連接 , 成功創建11989次握手, 總共處理了11991個請求
reading — 讀取客戶端的連接數.
writing — 響應數據到客戶端的數量
waiting — 開啓 keep-alive 的情況下,這個值等於 active – (reading+writing), 意思就是 Nginx 已經處理完正在等候下一次請求指令的駐留連接.