Of Stack

Nginx server initial basic configuration guide

  • 2020-05-10 23:27:06
  • OfStack

1. Prepare
pcre, about regular expression matching; zlib, for compression. I won't go into that, but if you're going to install the simplest version of nginx, just have those two things ready.
Starting the service with an root account is dangerous! Some time ago, the test server of   was hacked. After all, a Trojan horse was uploaded through a service launched by root. Finally, even ssh was blocked and became a broiler.
So, bitter experience tells me, 1 must establish the corresponding group and user for the service, limit the access permission, reduce the risk!  
Here, one www group is set up for nginx, and one non-logged-in account nginx is set up: 


# additional 1 a www group  
groupadd -f www 
# additional 1 a nginx The user  
useradd -s /sbin/nologin -g www nginx


Create a directory to store the nginx log files and grant the appropriate permissions: 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx


2. Compile and install
I put the packages of pcre, zlib and nginx under the /opt/software path, and the service under the /opt/servers path.
Unzip pcre, zlib, nginx, and then compile and install: 


./configure --prefix=/opt/servers/nginx \ 
--user=nginx \ 
--group=www \ 
--pid-path=/var/run/nginx.pid \ 
--error-log-path=/var/log/nginx/error.log \ 
--http-log-path=/var/log/nginx/access.log \ 
--with-pcre=/opt/software/pcre-8.10 \ 
--with-zlib=/opt/software/zlib-1.2.5 \ 
--with-http_stub_status_module \ 
--with-http_realip_module \ 
--with-http_gzip_static_module \ 
--without-http_fastcgi_module \ 
--without-http_memcached_module \ 
--without-http_map_module \ 
--without-http_geo_module \ 
--without-http_autoindex_module \ 
--with-poll_module 
&& make && make install


3. System configuration
I want nginx to work as a service, starting or stopping with the service command.
The benefit of this is that no matter what user I use to call the service command, there is no security issue with using the wrong account.
Create 1 system file: 


vim /etc/init.d/nginx


One generation plants trees, another enjoys the shade. Old bird has made the startup configuration file: 


#!/bin/bash 
# v.0.0.1 
# create by jackbillow at 2007.10.15 
# nginx - This shell script takes care of starting and stopping nginx. 
# 
# chkconfig: - 60 50 
# description: nginx [engine x] is light http web/proxy server 
# that answers incoming ftp service requests. 
# processname: nginx 
# config: /etc/nginx.conf 
nginx_path="/opt/servers/nginx" 
nginx_pid="/var/run/nginx.pid" 
 
# Source function library. 
. /etc/rc.d/init.d/functions 
 
# Source networking configuration. 
. /etc/sysconfig/network 
 
# Check that networking is up. 
[ ${NETWORKING} = "no" ] && exit 0 
[ -x $nginx_path/sbin/nginx ] || exit 0 
RETVAL=0 
prog="nginx" 
start() { 
# Start daemons. 
if [ -e $nginx_pid -a ! -z $nginx_pid ];then 
  echo "nginx already running...." 
  exit 1 
fi 
if [ -e $nginx_path/conf/nginx.conf ];then 
  echo -n $"Starting $prog: " 
  $nginx_path/sbin/nginx -c $nginx_path/conf/nginx.conf & 
  RETVAL=$? 
  [ $RETVAL -eq 0 ] && { 
    touch /var/lock/subsys/$prog 
    success $"$prog" 
  } 
  echo 
else 
  RETVAL=1 
fi 
  return $RETVAL 
} 
# Stop daemons. 
stop() { 
  echo -n $"Stopping $prog: " 
  killproc -d 10 $nigx_path/sbin/nginx 
  RETVAL=$? 
  echo 
  [ $RETVAL = 0 ] && rm -f $nginx_pid /var/lock/subsys/$prog 
} 
# See how we were called. 
case "$1" in 
start) 
  start 
  ;; 
stop) 
  stop 
  ;; 
restart) 
  stop 
  start 
  ;; 
status) 
  status $prog 
  RETVAL=$? 
  ;; 
*) 
  echo $"Usage: $0 {start|stop|restart|status}" 
  exit 1 
esac 
exit $RETVAL


Note the path here:
reference 


nginx_path="/opt/servers/nginx" 
nginx_pid="/var/run/nginx.pid"


If your nginx installation path is in a different location, please modify it accordingly!
Then give this file execute permissions: 


chmod +x /etc/init.d/nginx


Additional system services: 


chkconfig --add nginx 
chkconfig nginx on


Now you can use the following command to control the nginx service!
reference 


# Start the nginx 
service nginx start 
# stop nginx 
service nginx stop 
# restart nginx 
service nginx restart 
# To view nginx state  
service nginx status


4. Basic configuration
After the above work, nginx cannot be put into use in a hurry, and some basic configuration and optimization work needs to be done.
Modify the nginx configuration file: 


vim /opt/servers/nginx/conf/nginx.conf

fine-tuning
reference 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
0


5. Virtual directories
It is easy to configure virtual directories using nginx and alias.
Take the image access service as an example:
root, for relative paths
reference 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
1

When we access the "/image/" path, we are actually accessing "/data/image/". Please note that there is no "/" after "/data".
alias, for absolute paths
reference 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
2

When we access the "/image/" path, we are actually accessing "/data/img/", note that "/data/img/" ends with "/".

6. Redirects
Sometimes the link is put out without consideration, and then it needs to be adjusted one day, and the link cannot be retracted in time. I had to modify the nginx configuration myself.
For example, a link that goes out: / activity. do? m=v wants it to point to/path:
reference 


rewrite ^/activity(.*)$ / last;


Want to bring the requested parameters with you:
reference 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
4


$1 refers to the first parameter, and so on.


6. Monitor
reference 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
5


reference 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
6


7. Log segmentation 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
7


Grant execution rights 


chmod +x nginx_log.sh

Perform in the morning 


# To establish nginx Log directory  
mkdir /var/log/nginx 
# Grant access  
chown nginx.www /var/log/nginx
9

8. Nginx load balancing
In http {... 1 upstream{... }, as follows:
reference 


 upstream tomcat { 
  server 10.11.155.26:8080; 
  server 10.11.155.41:8080; 
 }

Then modify the location node to configure the agent:
reference 


location / { 
  ... 
   proxy_pass http://tomcat; 

  ... 
}

When the root path is accessed, it is rotoed to two servers, and whether the back-end server is tomcat or jetty or something, it doesn't matter.
Of course, some machines with good performance or low load can bear high load of visits, and the access frequency can be increased through the weight (weight). The higher the value, the more requests are assigned.
The server directive parameters are as follows:
weight -- weight, the higher the value, the more requests it will receive. The default value is 1.
max_fails -- the number of attempts to access a backend server that failed. The default value is 1, and checks are turned off when set to 0.
fail_timeout -- the expiration timeout period that suspends access to the node after multiple failed attempts.
down -- marks the server as permanently offline for the ip_hash directive.
backup -- enabled only when all non-backup servers are down or busy.

For example, you can configure it like this:
reference 


 upstream tomcat { 
  server 10.11.155.26:8080 weight=5; 
  server 10.11.155.41:8080 weight=10; 
 }

The latter would receive a higher number of requests.

Related articles: