Nginx

官达者才未必当其位，誉美者实未必副其名

Nginx官网

1. 概述

定义

Nginx (engine x) 是一个高性能的HTTP和反向代理web服务器，同时也提供了IMAP/POP3/SMTP服务。

背景

Nginx是由伊戈尔·赛索耶夫为俄罗斯访问量第二的Rambler.ru站点（俄文：Рамблер）开发的，公开版本1.19.6发布于2020年12月15日
Nginx 的源代码使用 2-clause BSD-like license。

反向代理

代理服务端，正向代理是代理客户端

特点

内存少
并发大

作用

Http代理，反向代理：作为web服务器最常用的功能之一，尤其是反向代理。
负载均衡：内置策略（轮询，加权轮询，Ip hash。）和扩展策略。
动静分离，配置前端静态资源文件映射

2. 安装

windows安装

Nginx官网下载解压即可

# 修改了 Nginx 的配置文件后
nginx -s reload
# 快速停止 
nginx -s top
# 有序的停止
nginx -s quit
# taskkill 干掉进程
taskkill /f /t /im nginx.exe

Linux安装

# gcc环境
yum install gcc-c++
# PCRE pcre-devel Perl库安装
yum install -y pcre pcre-devel
# zlib 安装
yum install -y zlib zlib-devel
# OpenSSL 全套接字层密码库安装支持https
yum install -y openssl openssl-devel
# 下载安装包解压
tar -zxvf nginx-1.18.0.tar.gz
cd nginx-1.18.0
# 编译安装
./configure
make
make install
# 查找安装路径
 whereis nginx

常见命令

cd /usr/local/nginx/sbin/
./nginx  启动
./nginx -s stop  停止
./nginx -s quit  安全退出
./nginx -s reload  重新加载配置文件
ps aux|grep nginx  查看nginx进程

连接不上

# 开启
service firewalld start
# 重启
service firewalld restart
# 关闭
service firewalld stop
# 查看防火墙规则
firewall-cmd --list-all
# 查询端口是否开放
firewall-cmd --query-port=8080/tcp
# 开放80端口
firewall-cmd --permanent --add-port=80/tcp
# 移除端口
firewall-cmd --permanent --remove-port=8080/tcp
 
#重启防火墙(修改配置后要重启防火墙)
firewall-cmd --reload
 
# 参数解释
1、firwall-cmd：是Linux提供的操作firewall的一个工具；
2、--permanent：表示设置为持久；
3、--add-port：标识添加的端口；

3. 配置文件

解释

########### 每个指令必须有分号结束。#################
#user administrator administrators;  #配置用户或者组，默认为nobody nobody。
#worker_processes 2;  #允许生成的进程数，默认为1
#pid /nginx/pid/nginx.pid;   #指定nginx进程运行文件存放地址
error_log log/error.log debug;  #制定日志路径，级别。这个设置可以放入全局块，http块，server块，级别以此为：debug|info|notice|warn|error|crit|alert|emerg
events {
    accept_mutex on;   #设置网路连接序列化，防止惊群现象发生，默认为on
    multi_accept on;  #设置一个进程是否同时接受多个网络连接，默认为off
    #use epoll;      #事件驱动模型，select|poll|kqueue|epoll|resig|/dev/poll|eventport
    worker_connections  1024;    #最大连接数，默认为512
}
http {
    include       mime.types;   #文件扩展名与文件类型映射表
    default_type  application/octet-stream; #默认文件类型，默认为text/plain
    #access_log off; #取消服务日志    
    log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #自定义格式
    access_log log/access.log myFormat;  #combined为日志格式的默认值
    sendfile on;   #允许sendfile方式传输文件，默认为off，可以在http块，server块，location块。
    sendfile_max_chunk 100k;  #每个进程每次调用传输数量不能大于设定的值，默认为0，即不设上限。
    keepalive_timeout 65;  #连接超时时间，默认为75s，可以在http，server，location块。
 
    upstream xxy {   
      server 127.0.0.1:8080;
      server 192.168.10.121:8081 backup;  #热备
    }
    error_page 404 https://www.baidu.com; #错误页
    server {
        keepalive_requests 120; #单连接请求上限次数。
        listen       4545;   #监听端口
        server_name  127.0.0.1;   #监听地址       
        location  ~*^.+$ {       #请求的url过滤，正则匹配，~为区分大小写，~*为不区分大小写。
           #root path;  #根目录
           #index vv.txt;  #设置默认页
           proxy_pass  http://xxy;  #请求转向mysvr 定义的服务器列表
           deny 127.0.0.1;  #拒绝的ip
           allow 172.18.5.54; #允许的ip           
        } 
    }
}

重要

upstream xxy {   
     server 127.0.0.1:8080;
     server 192.168.10.121:8081 backup;  #热备
   }
   
   server {
   ..
   proxy_pass  http://xxy;  #请求转向mysvr 定义的服务器列表
   }

实际项目开发

 
#user  nobody;
worker_processes  1;
 
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
 
#pid        logs/nginx.pid;
 
 
events {
    worker_connections  1024;
}
 
stream {
    upstream pg-server{
        server 47.99.104.62:5432;
	}
	server {
		listen 5433;
		proxy_pass pg-server;
	}
}
 
http {
    include       mime.types;
    default_type  application/octet-stream;
    client_max_body_size  100m;
    access_log  off;
    sendfile        on;
    keepalive_timeout  100;
	fastcgi_connect_timeout 75;
    fastcgi_read_timeout 600;
    fastcgi_send_timeout 600;
	gzip  on;  
	gzip_min_length 1k;  
	gzip_comp_level 4; 
	gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;  
	gzip_disable "MSIE [1-6]\."; 
	gzip_vary on; 
 
	map $http_upgrade $connection_upgrade {
		default upgrade;
		'' close;
	}
 
	upstream msc {
        server  47.99.104.62:18010;
    }
 
 
	upstream nacos-server {
        server  47.99.104.62:8848;
    }
	
	upstream graphs {
        server 47.99.104.62:8000;
    }
	
	upstream websocket-server {
        server 47.99.104.62:2014;
    }
	
	server {
		listen       18001;
		location / {
			proxy_pass http://nacos-server;
		}
	}
 
	server {
		listen       80 default;
		server_name  localhost;
		#ssl on;
		
		#root ../webapps;
		#location / {
		#	rewrite ^/$ /fusionsite-are-basic-web last;
		#	add_header 'Cache-Control' 'no-cache';
		#}
		
		root ../../Oceansite/webapps/oceansite-basic-web;
		location = / {
			#root	../../Oceansite/webapps/oceansite-basic-web;
			#index  index.html index.htm;
			rewrite ^/$ /index last;			
		}
		location /index {
			alias	../../Oceansite/webapps/oceansite-basic-web;			
		}
		location /login {
			alias	../../Oceansite/webapps/oceansite-basic-web;			
		}
		
		location /system/menu {
			alias	../../Oceansite/webapps/oceansite-basic-web/;			
		}
		
		location /RTData/navigation {
			alias	../../Oceansite/webapps/oceansite-basic-web/;			
		}
		location /RTData/flowChart {
			alias	../../Oceansite/webapps/oceansite-basic-web/;			
		}
		location /RTData/47.99.104.62/oceansite-conduction-web {
			alias	../../Oceansite/webapps/oceansite-basic-web/;			
		}
		location /RTData/47.99.104.62/oceansite-video-monitor-web {
			alias	../../Oceansite/webapps/oceansite-basic-web/;			
		}
		
		location /47.99.104.62/oceansite-ship-record-web {
			alias	../../Oceansite/webapps/oceansite-basic-web/;			
		}
		
		
		#记录簿网页资源
		location /oceansite-ship-record-web {
			root	../../Oceansite/webapps;	
			index  index.html index.htm;			
		}
		
		#通导系统网页资源
		location /oceansite-conduction-web {
			root	../../Oceansite/webapps;	
			index  index.html index.htm;			
		}
		
		#视频监控网页资源
		location /oceansite-video-monitor-web {
			root	../../Oceansite/webapps;	
			index  index.html index.htm;			
		}
		
		#视频监控报警照片和视频
		location /alarmimgdata {
			root	../../;			
		}
		
		#流程图网页资源
		location /flowchart {
			root	../webapps;
			index  index.html index.htm;			
		}
		location /fusionsite-are-basic-web {
			root	../webapps;
			index  index.html index.htm;			
		}
		
		location /common {
			root	../webapps;
			index  index.html index.htm;			
		}		
		
		#OceanSite 数据接口跳转
		location /prod-api/ {
			proxy_read_timeout 86400;
		
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			
			add_header 'Access-Control-Allow-Credentials' 'true' always;
		    add_header 'Access-Control-Allow-Origin' *; 
			add_header 'Access-Control-Max-Age' 1728000;
			add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE';
			add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
			
			proxy_pass http://47.99.104.62:8080/;
		}
		
		
		location /msc {
			proxy_pass http://msc;
			proxy_set_header X-Real-IP $remote_addr;
            		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		}
		
		location /fusionsite-are-h5-flowchart-web/graph {
			root ../webapps;
		}
		
		location ~* /fusionsite-are-h5-flowchart-web/graph/.*/Resource/.*\.(jpg|png|jpeg|gif)$ {
			rewrite ^/fusionsite-are-h5-flowchart-web/graph/(.*)$ /mare-graph/$1 last;
		}
		
		location ~* /mare-graph {
			root ../App_Server/fusionsite-are-minio-server/data;
		}
		
		location /zrender/src/core/util.js {
			root ../webapps/fusionsite-are-h5-flowchart-web/graph;
		}
 
		
		
		location /graphs/ {
                proxy_pass http://graphs;
                proxy_set_header Host 47.99.104.62:8000;
        }
		
		location /msc/fusionsite-are-basic/minIO/fileUpload {
		    	proxy_set_header X-Real-IP $remote_addr;
            		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		    	add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            		add_header 'Access-Control-Allow-Credentials' 'true' always;
			add_header 'Access-Control-Allow-Methods' 'POST';
			add_header 'Access-Control-Allow-Headers' 'lastoperatime,token,DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
			proxy_pass http://47.99.104.62:18110/minIO/fileUpload;
		}
		location /msc/fusionsite-are-basic/minIO/file/fileUpload {
		    	proxy_set_header X-Real-IP $remote_addr;
            		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		    	add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            		add_header 'Access-Control-Allow-Credentials' 'true' always;
			add_header 'Access-Control-Allow-Methods' 'POST';
			add_header 'Access-Control-Allow-Headers' 'lastoperatime,token,DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
			proxy_pass http://47.99.104.62:18110/minIO/file/fileUpload;
		}
		location /msc/fusionsite-are-basic/minIO/fileDownload {
		    	proxy_set_header X-Real-IP $remote_addr;
            		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		    	add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            		add_header 'Access-Control-Allow-Credentials' 'true' always;
			add_header 'Access-Control-Allow-Methods' 'POST';
			add_header 'Access-Control-Allow-Headers' 'lastoperatime,token,DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
			proxy_pass http://47.99.104.62:18110/minIO/fileDownload;
		}
		
		error_page 404 /404.html;
			location = /40x.html {
		}
 
		error_page 500 502 503 504 /50x.html;
			location = /50x.html {
		}
	}	
	
	server {
		listen       8000;
		server_name  localhost;
		client_max_body_size  100m;
		
		location /
		{
			root  ../webapps/fusionsite-are-h5-flowchart-web/graph;
			index  index.html index.htm;
		}
 
		
		location ~* .*/Resource/.*\.(jpg|png|jpeg|gif)$ {
			rewrite ^.*/Resource/(.*)$  /resources/$1 last;
		}
	
		location ~* .*/Flows/.*\.(jpg|png|jpeg|gif)$ {
			rewrite ^.*/Flows/(.*)$  /resources/$1 last;
		}
		
		location /resources {
			alias ../webapps/fusionsite-are-h5-flowchart-web/resources;
		}
 
		error_page   500 502 503 504  /50x.html;
		location = /50x.html
		{
			root   html;
		}
 
		location /flowchart
		{
			proxy_read_timeout 86400;
			proxy_pass http://websocket-server;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection $connection_upgrade;
		}
		
		location /graphs/rest {
                rewrite ^/graphs/(.*)$  /$1 last;
        }
 
		location /rest
		{
			proxy_pass http://47.99.104.62:8689/rest;
			#proxy_redirect off;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			expires off;
		}
	}
 
}

4. 总结

知道了Nginx反向代理，对服务器加深了理解