Nginx server initial basic configuration guide
- 2020-05-10 23:27:06
- OfStack
1. Prepare
pcre, about regular expression matching; zlib, for compression. I won't go into that, but if you're going to install the simplest version of nginx, just have those two things ready.
Starting the service with an root account is dangerous! Some time ago, the test server of was hacked. After all, a Trojan horse was uploaded through a service launched by root. Finally, even ssh was blocked and became a broiler.
So, bitter experience tells me, 1 must establish the corresponding group and user for the service, limit the access permission, reduce the risk!
Here, one www group is set up for nginx, and one non-logged-in account nginx is set up:
# additional 1 a www group
groupadd -f www
# additional 1 a nginx The user
useradd -s /sbin/nologin -g www nginx
Create a directory to store the nginx log files and grant the appropriate permissions:
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
2. Compile and install
I put the packages of pcre, zlib and nginx under the /opt/software path, and the service under the /opt/servers path.
Unzip pcre, zlib, nginx, and then compile and install:
./configure --prefix=/opt/servers/nginx \
--user=nginx \
--group=www \
--pid-path=/var/run/nginx.pid \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre=/opt/software/pcre-8.10 \
--with-zlib=/opt/software/zlib-1.2.5 \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--without-http_fastcgi_module \
--without-http_memcached_module \
--without-http_map_module \
--without-http_geo_module \
--without-http_autoindex_module \
--with-poll_module
&& make && make install
3. System configuration
I want nginx to work as a service, starting or stopping with the service command.
The benefit of this is that no matter what user I use to call the service command, there is no security issue with using the wrong account.
Create 1 system file:
vim /etc/init.d/nginx
One generation plants trees, another enjoys the shade. Old bird has made the startup configuration file:
#!/bin/bash
# v.0.0.1
# create by jackbillow at 2007.10.15
# nginx - This shell script takes care of starting and stopping nginx.
#
# chkconfig: - 60 50
# description: nginx [engine x] is light http web/proxy server
# that answers incoming ftp service requests.
# processname: nginx
# config: /etc/nginx.conf
nginx_path="/opt/servers/nginx"
nginx_pid="/var/run/nginx.pid"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginx_path/sbin/nginx ] || exit 0
RETVAL=0
prog="nginx"
start() {
# Start daemons.
if [ -e $nginx_pid -a ! -z $nginx_pid ];then
echo "nginx already running...."
exit 1
fi
if [ -e $nginx_path/conf/nginx.conf ];then
echo -n $"Starting $prog: "
$nginx_path/sbin/nginx -c $nginx_path/conf/nginx.conf &
RETVAL=$?
[ $RETVAL -eq 0 ] && {
touch /var/lock/subsys/$prog
success $"$prog"
}
echo
else
RETVAL=1
fi
return $RETVAL
}
# Stop daemons.
stop() {
echo -n $"Stopping $prog: "
killproc -d 10 $nigx_path/sbin/nginx
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f $nginx_pid /var/lock/subsys/$prog
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
exit 1
esac
exit $RETVAL
Note the path here:
reference
nginx_path="/opt/servers/nginx"
nginx_pid="/var/run/nginx.pid"
If your nginx installation path is in a different location, please modify it accordingly!
Then give this file execute permissions:
chmod +x /etc/init.d/nginx
Additional system services:
chkconfig --add nginx
chkconfig nginx on
Now you can use the following command to control the nginx service!
reference
# Start the nginx
service nginx start
# stop nginx
service nginx stop
# restart nginx
service nginx restart
# To view nginx state
service nginx status
4. Basic configuration
After the above work, nginx cannot be put into use in a hurry, and some basic configuration and optimization work needs to be done.
Modify the nginx configuration file:
vim /opt/servers/nginx/conf/nginx.conf
fine-tuning
reference
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
0
5. Virtual directories
It is easy to configure virtual directories using nginx and alias.
Take the image access service as an example:
root, for relative paths
reference
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
1
When we access the "/image/" path, we are actually accessing "/data/image/". Please note that there is no "/" after "/data".
alias, for absolute paths
reference
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
2
When we access the "/image/" path, we are actually accessing "/data/img/", note that "/data/img/" ends with "/".
6. Redirects
Sometimes the link is put out without consideration, and then it needs to be adjusted one day, and the link cannot be retracted in time. I had to modify the nginx configuration myself.
For example, a link that goes out: / activity. do? m=v wants it to point to/path:
reference
rewrite ^/activity(.*)$ / last;
Want to bring the requested parameters with you:
reference
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
4
$1 refers to the first parameter, and so on.
6. Monitor
reference
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
5
reference
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
6
7. Log segmentation
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
7
Grant execution rights
chmod +x nginx_log.sh
Perform in the morning
# To establish nginx Log directory
mkdir /var/log/nginx
# Grant access
chown nginx.www /var/log/nginx
9
8. Nginx load balancing
In http {... 1 upstream{... }, as follows:
reference
upstream tomcat {
server 10.11.155.26:8080;
server 10.11.155.41:8080;
}
Then modify the location node to configure the agent:
reference
location / {
...
proxy_pass http://tomcat;
...
}
When the root path is accessed, it is rotoed to two servers, and whether the back-end server is tomcat or jetty or something, it doesn't matter.
Of course, some machines with good performance or low load can bear high load of visits, and the access frequency can be increased through the weight (weight). The higher the value, the more requests are assigned.
The server directive parameters are as follows:
weight -- weight, the higher the value, the more requests it will receive. The default value is 1.
max_fails -- the number of attempts to access a backend server that failed. The default value is 1, and checks are turned off when set to 0.
fail_timeout -- the expiration timeout period that suspends access to the node after multiple failed attempts.
down -- marks the server as permanently offline for the ip_hash directive.
backup -- enabled only when all non-backup servers are down or busy.
For example, you can configure it like this:
reference
upstream tomcat {
server 10.11.155.26:8080 weight=5;
server 10.11.155.41:8080 weight=10;
}
The latter would receive a higher number of requests.