云原生高级-Nginx
一、Web服务基础核心知识点
1 Web服务核心定义
基于TCP/IP协议簇,以HTTP/HTTPS为核心应用层协议,遵循C/S架构,实现客户端与服务器端资源交互的标准化服务,是互联网应用的核心基础设施。
2 HTTP/HTTPS核心要点
- HTTP:明文传输,默认端口80,核心版本(1.1默认长连接、2.0二进制分帧/多路复用、3.0基于QUIC协议)。
- HTTPS:HTTP+TLS/SSL,默认端口443,混合加密(非对称+对称)、CA身份认证、哈希完整性校验,解决窃听/篡改/冒充问题。
- 核心语义:常用请求方法(GET/POST/PUT/DELETE)、响应状态码5大类(1xx-5xx)核心标识。
3 Web服务架构演进(关键阶段)
- 单体静态架构:单一服务器,仅提供静态资源,无动态交互。
- 动态脚本架构:LAMP/WAMP,Web服务器+动态脚本+数据库,支持动态页面。
- 分层反向代理架构:反向代理(Apache/Nginx)+应用层+数据层,实现负载均衡与水平扩展。
- 云原生微服务架构:API网关(基于Nginx/Apache扩展)+微服务,实现全链路流量管理。
4 主流Web服务器分类
核心分为三类:静态/反向代理服务器(Nginx)、通用Web服务器(Apache)、应用服务器(Tomcat),核心定位是流量入口或动态业务处理。
二、Apache 核心理论
1 Apache 概述
Apache HTTP Server,1995年发布,开源通用Web服务器,早期Web服务主流产品,核心优势是生态完善、兼容性强,适配各类静态/动态场景。
2 核心架构
- 核心架构:多进程/多线程模型,依赖MPM(多处理模块)实现并发处理。
- 主流MPM模块(关键):
- prefork:多进程模型,一个连接一个进程,稳定但高并发下资源占用高(默认兼容模式)。
- worker:多进程+多线程,一个进程包含多个线程,每个线程处理一个连接,兼顾稳定与并发。
- event:worker模块优化版,实现异步非阻塞,解决长连接队头阻塞问题,提升高并发性能。
- 模块化设计:核心模块(基础运行)+扩展模块(动态功能),支持按需加载。
3 核心特性与能力
- 基础特性:跨平台、配置简单、生态完善,支持多种脚本语言(PHP/Python)。
- 核心能力:
- 静态资源服务:支持文件缓存、压缩、断点续传(性能弱于Nginx)。
- 动态请求处理:原生支持CGI/FastCGI,与动态脚本(PHP)兼容性好。
- 反向代理与负载均衡:通过mod_proxy模块实现,负载均衡算法简单(轮询、加权轮询)。
- 安全防护:支持IP访问控制、HTTP认证、SSL加密(需mod_ssl模块)。
4 核心局限性
同步阻塞架构(默认MPM),高并发场景下进程/线程切换开销大,资源占用高,性能衰减明显;静态资源处理效率低于Nginx。
三、Nginx 核心理论
1 Nginx 概述
2004年发布,俄罗斯程序员开发,高性能HTTP/反向代理服务器,核心解决C10K问题,目前企业级Web服务首选流量入口。
2 核心架构
- Master-Worker多进程架构:1个Master(管理配置、进程)+多个Worker(处理请求),Worker进程数通常等于CPU核心数。
- 异步非阻塞事件驱动:基于epoll(Linux)等内核事件模型,单线程处理数万并发,无进程/线程切换开销。
- 模块化设计:极简内核+核心模块+扩展模块,功能可裁剪,扩展性强。
3 核心特性与能力
- 基础特性:高并发(单机10万+并发)、低资源占用、7×24小时稳定运行、支持热加载/平滑升级。
- 核心能力:
- 静态资源服务:sendfile零拷贝技术,传输效率极高,支持缓存、压缩、范围请求。
- 反向代理:核心功能,支持多协议转发,隐藏后端服务,提升安全性。
- 负载均衡:丰富算法(轮询、加权、IP哈希、最少连接),支持被动健康检查。
- 安全与管控:IP黑白名单、限流、HTTPS加固,可扩展WAF防护。
- 云原生适配:支持Ingress-Nginx、OpenResty扩展,适配微服务架构。
4 核心局限性
原生动态请求处理能力弱,需依赖后端应用服务器(Tomcat);配置灵活性低于Apache(部分场景)。
四、Apache 与 Nginx 核心对比
| 对比维度 | Apache | Nginx |
|---|---|---|
| 并发性能 | 中等,高并发下资源占用高、性能衰减 | 极高,异步非阻塞,支持海量并发 |
| 静态资源处理 | 支持,效率一般 | 高效,零拷贝技术,业界首选 |
| 动态请求处理 | 原生支持好,兼容性强 | 需依赖后端应用服务器 |
| 配置与扩展 | 配置灵活,生态模块丰富 | 配置简洁,模块化扩展强,支持Lua |
| 适用场景 | 中小型动态网站、兼容性要求高的场景 | 高并发、静态资源多、微服务网关场景 |
五、Nginx 基础与进阶实验
1 基础环境搭建
1.1 Nginx 源码编译安装
软件安装包下载
1
[root@Nginx ~]# wget https://nginx.org/download/nginx-1.28.1.tar.gz
源码包解压
1
2
3
4
5[root@Nginx ~]# tar -zxf nginx-1.28.1.tar.gz
[root@Nginx ~]# cd nginx-1.28.1/
[root@Nginx nginx-1.28.1]# ls
auto CHANGES.ru conf contrib html man SECURITY.md
CHANGES CODE_OF_CONDUCT.md configure CONTRIBUTING.md LICENSE README.md src编译环境检测
1
2
3
4#安装依赖性
[root@Nginx ~]# dnf install gcc openssl-devel.x86_64 pcre2-devel.x86_64 zlib-devel -y
[root@Nginx nginx-1.28.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module源码编译与安装
1
2[root@Nginx nginx-1.28.1]# make
[root@Nginx nginx-1.28.1]# make installNginx 服务启动
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#设定环境变量
[root@Nginx sbin]# vim ~/.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
[root@Nginx sbin]# source ~/.bash_profile
[root@Nginx logs]# useradd -s /sbin/nologin -M nginx
[root@Nginx logs]# nginx
[root@Nginx logs]# ps aux | grep nginx
root 44012 0.0 0.1 14688 2356 ? Ss 17:01 0:00 nginx: master process nginx
nginx 44013 0.0 0.2 14888 3892 ? S 17:01 0:00 nginx: worker process
root 44015 0.0 0.1 6636 2176 pts/0 S+ 17:01 0:00 grep --color=auto nginx
#测试
[root@Nginx logs]# echo timinglee > /usr/local/nginx/html/index.html
[root@Nginx logs]# curl 172.25.254.100
timinglee
1.2 Nginx 版本管理
高版本软件安装包下载
1
[root@Nginx ~]# wget https://nginx.org/download/nginx-1.29.4.tar.gz
新版本源码编译与平滑升级
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68#编译nginx隐藏版本
[root@Nginx ~]# tar zxf nginx-1.29.4.tar.gz
[root@Nginx ~]# cd nginx-1.29.4/src/core/
[root@Nginx core]# vim nginx.h
#define nginx_version 1029004
#define NGINX_VERSION ""
#define NGINX_VER "TIMINGLEE/" NGINX_VERSION
#文件编辑完成后进行源码编译即可
[root@Nginx core]# cd ../../
[root@Nginx nginx-1.29.4]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@Nginx nginx-1.29.4]# make
[root@Nginx nginx-1.29.4]# cd objs/
[root@Nginx objs]# ls
autoconf.err nginx ngx_auto_config.h ngx_modules.c src
Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
[root@Nginx objs]# cd /usr/local/nginx/sbin/
[root@Nginx sbin]# ls
nginx
[root@Nginx sbin]# \cp -f /root/nginx-1.29.4/objs/nginx /usr/local/nginx/sbin/nginx
[root@Nginx sbin]# ls /usr/local/nginx/logs/
access.log error.log nginx.pid
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2360 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process
[root@Nginx sbin]# kill -USR2 1643 #nginx master进程id
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
root 4923 0.0 0.1 6636 2176 pts/0 S+ 10:25 0:00 grep --color=auto nginx
[root@Nginx sbin]# ls /usr/local/nginx/logs/
access.log error.log nginx.pid nginx.pid.oldbin
#测试效果
[root@Nginx sbin]# nginx -V
nginx version: TIMINGLEE/
built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
#回收旧版本子进程
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
root 4929 0.0 0.1 6636 2176 pts/0 S+ 10:27 0:00 grep --color=auto nginx
[root@Nginx sbin]# kill -WINCH 1643
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
root 4932 0.0 0.1 6636 2176 pts/0 S+ 10:28 0:00 grep --color=auto nginx版本回滚(回退)操作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30[root@Nginx sbin]# cd /usr/local/nginx/sbin/
[root@Nginx sbin]# cp nginx nginx.new -p
[root@Nginx sbin]# \cp nginx.old nginx -pf
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
[root@Nginx sbin]# kill -HUP 1643
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process
root 4965 0.0 0.1 6636 2176 pts/0 S+ 10:32 0:00 grep --color=auto nginx
[root@Nginx sbin]# nginx -V
nginx version: nginx/1.28.1
built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
#回收新版本进程
[root@Nginx sbin]# kill -WINCH 4919
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process
root 4969 0.0 0.1 6636 2176 pts/0 S+ 10:34 0:00 grep --color=auto nginx
2 核心配置基础
2.1 配置文件管理及核心优化参数
1 | [root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf |
1 | [root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf |
1 | [root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf |
2.2 PC 站点构建
location 块 root 指令用法
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53[root@Nginx conf]# cd /usr/local/nginx/conf/
[root@Nginx conf]# mkdir conf.d
[root@Nginx conf]# vim nginx.conf
82 include "/usr/local/nginx/conf/conf.d/*.conf";
[root@Nginx conf]# nginx -s reload
[root@Nginx conf]# cd conf.d/
[root@Nginx ~]# mkdir -p /webdata/nginx/timinglee.org/lee/html
[root@Nginx ~]# echo lee.timinglee.org > /webdata/nginx/timinglee.org/lee/html/index.html
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
root /webdata/nginx/timinglee.org/lee/html;
}
}
root@Nginx conf.d]# systemctl restart nginx.service
#测试
[root@Nginx conf.d]# vim /etc/hosts
172.25.254.100 Nginx www.timinglee.org lee.timinglee.org
[root@Nginx conf.d]# curl www.timinglee.org
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org
lee.timinglee.org
#local示例需要访问lee.timinglee.org/lee/目录
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
root /webdata/nginx/timinglee.org/lee/html;
}
location /lee { #lee标识location中的root值+location 后面指定的值代表目录的路径
root /webdata/nginx/timinglee.org/lee/html;
}
}
[root@Nginx conf.d]# systemctl restart nginx.service
[root@Nginx conf.d]# mkdir -p /webdata/nginx/timinglee.org/lee/html/lee
[root@Nginx conf.d]# echo lee > /webdata/nginx/timinglee.org/lee/html/lee/index.html
[root@Nginx conf.d]# curl lee.timinglee.org/lee/
leelocation 块 alias 指令用法
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /passwd { #标识文件
alias /etc/passwd;
}
location /passwd/ { #表示目录
alias /mnt/;
}
}
[root@Nginx conf.d]# nginx -s reload
[root@Nginx conf.d]# echo passwd > /mnt/index.html
#测试
[root@Nginx conf.d]# curl lee.timinglee.org/passwd/
passwd
[root@Nginx conf.d]# curl lee.timinglee.org/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
2.3 Location 匹配规则详解
无修饰符匹配
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "/null-1";
}
}
[root@Nginx conf.d]# curl lee.timinglee.org/null/
/null-1
[root@Nginx conf.d]# curl lee.timinglee.org/NULL/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/test/null
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>精确匹配(=)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null { #精确匹配到此结束
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
}
[root@Nginx conf.d]# nginx -s reload
[root@Nginx conf.d]# curl lee.timinglee.org/null
null-2前缀优先匹配(^~)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
}
[root@Nginx conf.d]# nginx -s reload
lee
[root@Nginx conf.d]# curl lee.timinglee.org/lee
lee
[root@Nginx conf.d]# curl lee.timinglee.org/test/lee
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/lee/test
lee
[root@Nginx conf.d]# curl lee.timinglee.org/aleea/test
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/leeab/test
lee区分大小写正则匹配(~)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
location ~ /timing/ {
return 200 "timing";
}
}
[root@Nginx conf.d]# nginx -s reload
[root@Nginx conf.d]# curl lee.timinglee.org/timinga/
timing
[root@Nginx conf.d]# curl lee.timinglee.org/timing/
timing
[root@Nginx conf.d]# curl lee.timinglee.org/a/timing/
timing
[root@Nginx conf.d]# curl lee.timinglee.org/a/timinga/
timing
[root@Nginx conf.d]# curl lee.timinglee.org/a/atiming/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/aTiminga/a/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/Timinga/a/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>不区分大小写正则匹配(~*)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
location ~ /timing/ {
return 200 "timing";
}
location ~* /timinglee {
return 200 "timinglee";
}
}
[root@Nginx conf.d]# nginx -s reload
[root@Nginx conf.d]# curl lee.timinglee.org/Timinglee/
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org/timinglee/
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org/timinglee/a
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org/a/timinglee/a
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org/a/atiminglee/a
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/a/timingleea/a
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org/a/Timinglee/a
timinglee路径转义匹配(\)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
location ~ /timing/ {
return 200 "timing";
}
location ~* /timinglee {
return 200 "timinglee";
}
location ~* \.(img|php|jsp)$ {
return 200 "app";
}
}
[root@Nginx conf.d]# nginx -s reload
[root@Nginx conf.d]# curl lee.timinglee.org/test.php
app
[root@Nginx conf.d]# curl lee.timinglee.org/test.jsp
app
2.4 基础功能配置
自定义错误页面
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23[root@Nginx ~]# mkdir /usr/local/nginx/errorpage
[root@Nginx ~]# echo "太不巧了,你要访问的页面辞职了!!" > /usr/local/nginx/errorpage/errormessage
[root@Nginx ~]# cat /usr/local/nginx/errorpage/errormessage
太不巧了,你要访问的页面辞职了!!
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
}
[root@Nginx ~]# curl lee.timinglee.org/lee/
太不巧了,你要访问的页面辞职了!!服务访问用户认证
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30[root@Nginx ~]# htpasswd -cmb /usr/local/nginx/conf/.htpasswd admin lee
Adding password for user admin
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /admin {
root /usr/local/nginx/html;
auth_basic "login passwd";
auth_basic_user_file "/usr/local/nginx/conf/.htpasswd";
}
}
[root@Nginx ~]# systemctl restart nginx.service
#测试:
root@Nginx ~]# curl lee.timinglee.org/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx ~]# curl -uadmin:lee http://lee.timinglee.org/admin/
admin自定义错误日志
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28[root@Nginx ~]# mkdir -p /usr/local/nginx/logs/timinglee.org/
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
}
[root@Nginx ~]# systemctl restart nginx.service
#测试
[root@Nginx ~]# cd /usr/local/nginx/logs/timinglee.org/
[root@Nginx timinglee.org]# ls
lee.error
[root@Nginx timinglee.org]# cat lee.error
[root@Nginx timinglee.org]# curl lee.timinglee.org/lee/
太不巧了,你要访问的页面辞职了!!
[root@Nginx timinglee.org]# cat lee.error
2026/02/01 11:10:57 [error] 2467#0: *1 "/usr/local/nginx/html/lee/index.html" is not found (2: No such file or directory), client: 172.25.254.100, server: lee.timinglee.org, request: "GET /lee/ HTTP/1.1", host: "lee.timinglee.org"文件检测功能
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40[root@Nginx ~]# echo default > /usr/local/nginx/errorpage/default.html
[root@Nginx ~]# cat /usr/local/nginx/errorpage/default.html
default
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
root /usr/local/nginx/errorpage;
try_files $uri $uri.html $uri/index.html /default.html;
}
[root@Nginx ~]# nginx -s reload
#测试:
[root@Nginx ~]# curl -v lee.timinglee.org/aaaaaaaaaa/
* Trying 172.25.254.100:80...
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET /aaaaaaaaaa/ HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1
< Date: Sun, 01 Feb 2026 06:25:45 GMT
< Content-Type: text/html
< Content-Length: 8
< Last-Modified: Sun, 01 Feb 2026 06:17:57 GMT
< Connection: keep-alive
< Keep-Alive: timeout=100
< ETag: "697ef015-8"
< Accept-Ranges: bytes
<
default
* Connection #0 to host lee.timinglee.org left intact状态监控页配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /nginx_status{
stub_status;
auth_basic "auth login";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 172.25.254.0/24;
deny all;
}
}
[root@Nginx ~]# nginx -s reload访问效果
资源压缩功能配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58[root@Nginx ~]# mkdir /usr/local/nginx/timinglee.org/lee/html -p
[root@Nginx ~]# echo hello lee > /usr/local/nginx/timinglee.org/lee/html/index.html
[root@Nginx html]# cp /usr/local/nginx/logs/access.log /usr/local/nginx/timinglee.org/lee/html/bigfile.txt
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
gzip on;
gzip_comp_level 4;
gzip_disable "MSIE [1-6]\.";
gzip_min_length 1024k;
gzip_buffers 32 1024k
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/gif image/png;
gzip_vary on;
gzip_static on;
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /nginx_status{
stub_status;
auth_basic "auth login";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 172.25.254.0/24;
deny all;
}
}
[root@Nginx ~]# nginx -s reload
#测试
[root@Nginx html]# curl --head --compressed lee.timinglee.org/bigfile.txt
HTTP/1.1 200 OK
Server: nginx/1.28.1
Date: Sun, 01 Feb 2026 07:32:10 GMT
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2026 07:29:53 GMT
Connection: keep-alive
Keep-Alive: timeout=100
Vary: Accept-Encoding
ETag: W/"697f00f1-2ca84bd"
Content-Encoding: gzip
[root@Nginx html]# curl --head --compressed lee.timinglee.org/index.html
HTTP/1.1 200 OK
Server: nginx/1.28.1
Date: Sun, 01 Feb 2026 07:32:19 GMT
Content-Type: text/html
Content-Length: 10
Last-Modified: Sun, 01 Feb 2026 07:19:59 GMT
Connection: keep-alive
Keep-Alive: timeout=100
ETag: "697efe9f-a"
Accept-Ranges: bytes
3 连接与性能优化
3.1 Keepalived 长连接优化
长连接超时时间设定
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
keepalive_timeout 5;
[root@Nginx ~]# nginx -s reload
#测试
[root@Nginx ~]# dnf install telnet -y
[root@Nginx ~]# telnet www.timinglee.org 80
Trying 172.25.254.100...
Connected to www.timinglee.org.
Escape character is '^]'.
GET / HTTP/1.1 <<<<
Host: www.timinglee.org <<<<
<<<
HTTP/1.1 200 OK
Server: nginx/1.28.1
Date: Sat, 31 Jan 2026 08:27:02 GMT
Content-Type: text/html
Content-Length: 10
Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT
Connection: keep-alive
ETag: "697b2217-a"
Accept-Ranges: bytes
timinglee 显示的页面出现后根据设定的长链接时间会等待,超过时间后会自动退出
Connection closed by foreign host.长连接最大请求次数设定
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
keepalive_requests 3;
[root@Nginx ~]# nginx -s reload
#测试
[root@Nginx ~]# telnet www.timinglee.org 80
Trying 172.25.254.100...
Connected to www.timinglee.org.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.timinglee.org
HTTP/1.1 200 OK #第一次
Server: nginx/1.28.1
Date: Sat, 31 Jan 2026 08:32:14 GMT
Content-Type: text/html
Content-Length: 10
Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT
Connection: keep-alive
Keep-Alive: timeout=100
ETag: "697b2217-a"
Accept-Ranges: bytes
timinglee
GET / HTTP/1.1
Host: www.timinglee.org
HTTP/1.1 200 OK #第二次
Server: nginx/1.28.1
Date: Sat, 31 Jan 2026 08:32:24 GMT
Content-Type: text/html
Content-Length: 10
Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT
Connection: keep-alive
Keep-Alive: timeout=100
ETag: "697b2217-a"
Accept-Ranges: bytes
timinglee
GET / HTTP/1.1
Host: www.timinglee.org
HTTP/1.1 200 OK #第三次
Server: nginx/1.28.1
Date: Sat, 31 Jan 2026 08:32:35 GMT
Content-Type: text/html
Content-Length: 10
Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT
Connection: close
ETag: "697b2217-a"
Accept-Ranges: bytes
timinglee
Connection closed by foreign host.
3.2 Nginx 变量详解
添加 echo 模块(Nginx 升级)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34[root@Nginx ~]# systemctl stop nginx.service
[root@Nginx ~]# ps aux | grep nginx
root 5193 0.0 0.1 6636 2176 pts/1 S+ 16:08 0:00 grep --color=auto nginx
[root@Nginx ~]# tar zxf echo-nginx-module-0.64.tar.gz
[root@Nginx ~]# cd nginx-1.28.1/
[root@Nginx nginx-1.28.1]# make clean
[root@Nginx nginx-1.28.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64
[root@Nginx nginx-1.28.1]# make
[root@Nginx nginx-1.28.1]# rm -rf /usr/local/nginx/sbin/nginx
[root@Nginx nginx-1.28.1]# cp objs/nginx /usr/local/nginx/sbin/ -p
#测试
[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
}
}
[root@Nginx nginx-1.28.1]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@Nginx nginx-1.28.1]# systemctl start nginx.service内置核心变量
1
2
3
4
5
6
7
8
9
10
11
12
13
14[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl lee.timinglee.org/vars/
172.25.254.1001
2
3
4
5
6
7
8
9
10
11
12
13
14[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $args;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl "http://lee.timinglee.org/vars?key=lee&id=11"
key=lee&id=111
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $args;
echo $is_args;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl "http://lee.timinglee.org/vars?key=lee&id=11"
172.25.254.100
key=lee&id=11
?
[root@Nginx nginx-1.28.1]# curl "http://lee.timinglee.org/vars"
172.25.254.1001
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $document_root;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl "http://lee.timinglee.org/vars?key=lee&id=11"
/usr/local/nginx/timinglee.org/lee/html1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
echo $args;
echo $is_args;
echo $document_root;
echo $document_uri;
echo $host;
echo $remote_port;
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
echo $server_protocol;
echo $server_addr;
echo $server_name;
echo $server_port;
echo $http_user_agent;
echo $cookie_key2;
echo $http_user_agent;
echo $sent_http_content_type;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl -b "key1=hello,key2=timinglee" -A "haha" -ulee:lee "http://lee.timinglee.org/vars?key=lee&id=11"
172.25.254.100
key=lee&id=11
?
/usr/local/nginx/timinglee.org/lee/html
/vars
lee.timinglee.org
45156
lee
GET
/usr/local/nginx/timinglee.org/lee/html/vars
/vars?key=lee&id=11
http
HTTP/1.1
172.25.254.100
lee.timinglee.org
80
haha
timinglee
haha
text/html自定义变量配置与使用
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
echo $args;
echo $is_args;
echo $document_root;
echo $document_uri;
echo $host;
echo $remote_port;
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
echo $server_protocol;
echo $server_addr;
echo $server_name;
echo $server_port;
echo $http_user_agent;
echo $cookie_key2;
echo $http_user_agent;
echo $sent_http_content_type;
set $test lee; #手动设定变量值
echo $test;
set $web_port $server_port; #变量个传递
echo $web_port;
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl lee.timinglee.org/vars/
172.25.254.100
/usr/local/nginx/timinglee.org/lee/html
/vars/
lee.timinglee.org
42538
GET
/usr/local/nginx/timinglee.org/lee/html/vars/
/vars/
http
HTTP/1.1
172.25.254.100
lee.timinglee.org
80
curl/7.76.1
curl/7.76.1
text/html
lee
80
3.3 下载服务器搭建
1 | [root@Nginx ~]# mkdir -p /usr/local/nginx/download |
访问
目录列表功能启用
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
}
}
[root@Nginx ~]# nginx -s reload访问效果
下载限速配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46[root@Nginx ~]# wget http://lee.timinglee.org/download/bigfile
--2026-02-01 11:37:52-- http://lee.timinglee.org/download/bigfile
正在解析主机 lee.timinglee.org (lee.timinglee.org)... 172.25.254.100
正在连接 lee.timinglee.org (lee.timinglee.org)|172.25.254.100|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:104857600 (100M) [application/octet-stream]
正在保存至: “bigfile”
bigfile 100%[=================================>] 100.00M 232MB/s 用时 0.4s
2026-02-01 11:37:52 (232 MB/s) - 已保存 “bigfile” [104857600/104857600])
[root@Nginx ~]# rm -fr bigfile
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# wget http://lee.timinglee.org/download/bigfile
--2026-02-01 11:39:09-- http://lee.timinglee.org/download/bigfile
正在解析主机 lee.timinglee.org (lee.timinglee.org)... 172.25.254.100
正在连接 lee.timinglee.org (lee.timinglee.org)|172.25.254.100|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:104857600 (100M) [application/octet-stream]
正在保存至: “bigfile”
bigfile 12%[===> ] 12.00M 1.00MB/s 剩余 88s文件大小/时间显示优化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
autoindex_exact_size off;
}
}
[root@Nginx ~]# nginx -s reload效果
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18root@Nginx ~]# curl lee.timinglee.org/download
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx ~]# curl lee.timinglee.org/download/
<html>
<head><title>Index of /download/</title></head>
<body>
<h1>Index of /download/</h1><hr><pre><a href="../">../</a>
<a href="bigfile">bigfile</a> 01-Feb-2026 03:28 100M
<a href="passwd">passwd</a> 01-Feb-2026 03:27 1294
</pre><hr></body>
</html>时间显示调整
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
autoindex_exact_size off;
autoindex_localtime on;
}
}
[root@Nginx ~]# nginx -s reload效果:
列表页面风格设定
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
autoindex_exact_size off;
autoindex_localtime on;
autoindex_format html | xml | json | jsonp;
}
}
[root@Nginx ~]# nginx -s reloadxml风格
json风格
4 URL 与安全配置
4.1 网页重写(Rewrite)
重写核心指令
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#if
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
if ( $http_user_agent ~* firefox ) {
return 200 "test if messages";
}
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl lee.timinglee.org
lee page
[root@Nginx ~]# curl -A "firefox" lee.timinglee.org
test if messages[root@Nginx ~]#1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#set
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
set $testname timinglee;
echo $testname;
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl lee.timinglee.org
timinglee1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22#return
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
return 200 "hello world";
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl lee.timinglee.org
hello world1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#break
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
set $test1 lee1;
set $test2 lee2;
if ($http_user_agent = firefox){
break;
}
set $test3 lee3;
echo $test1 $test2 $test3;
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl lee.timinglee.org
lee1 lee2 lee3
[root@Nginx ~]# curl -A "firefox" lee.timinglee.org
lee1 lee2Rewrite 规则 flag 标记详解
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#redirect;
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
rewrite / http://www.baidu.com redirect;
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl -I lee.timinglee.org
HTTP/1.1 302 Moved Temporarily #定向方式返回值
Server: nginx/1.28.1
Date: Tue, 03 Feb 2026 02:43:47 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Keep-Alive: timeout=100
Location: http://www.baidu.com #定向效果1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31#permanent
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location / {
rewrite / http://www.baidu.com permanent;
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl -I lee.timinglee.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.28.1
Date: Tue, 03 Feb 2026 02:45:38 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=100
Location: http://www.baidu.com1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69#break 和 last
[root@Nginx ~]# mkdir /webdir/timinglee.org/lee/html/{break,last,test1,test2}
[root@Nginx ~]# echo break > /webdir/timinglee.org/lee/html/break/index.html
[root@Nginx ~]# echo last > /webdir/timinglee.org/lee/html/last/index.html
[root@Nginx ~]# echo test1 > /webdir/timinglee.org/lee/html/test1/index.html
[root@Nginx ~]# echo test2 > /webdir/timinglee.org/lee/html/test2/index.html
#break
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location /break {
rewrite /break/(.*) /test1/$1 break;
rewrite /test1 /test2;
}
location /test1 {
return 200 "test1 end page";
}
location /test2 {
return 200 "TEST2 END PAGE";
}
}
root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl -L lee.timinglee.org/break/index.html
test1
#last
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location /vars {
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
}
location /break {
rewrite /break/(.*) /test1/$1 last;
rewrite /test1 /test2;
}
location /test1 {
return 200 "test1 end page";
}
location /test2 {
return 200 "TEST2 END PAGE";
}
}
root@Nginx ~]# nginx -s reload
[root@Nginx ~]# curl -L lee.timinglee.org/break/index.html
test1 end page
4.2 全站加密实现
加密密钥(key)制作
1
[root@Nginx ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/timinglee.org.key -x509 -days 365 -out /usr/local/nginx/certs/timinglee.org.crt
全站加密配置文件编辑
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
listen 443 ssl;
ssl_certificate /usr/local/nginx/certs/timinglee.org.crt;
ssl_certificate_key /usr/local/nginx/certs/timinglee.org.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name lee.timinglee.org;
root /webdir/timinglee.org/lee/html;
location / {
if ($scheme = http ){
rewrite /(.*) https://$host/$1 redirect;
}
}
}
[root@Nginx ~]# systemctl restart nginx.service
#测试
[root@Nginx ~]# curl -I http://lee.timinglee.org/test1/
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.28.1
Date: Tue, 03 Feb 2026 03:21:22 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Keep-Alive: timeout=100
Location: https://lee.timinglee.org/test1/
4.3 防盗链配置
1 | [root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf |
在测试时:
1 | #另外的web服务器 |
5 反向代理与负载均衡
5.1 基础反向代理
实验环境准备
1
2
3
4
5
6
7
8
9
10
11
12
13#172.25.254.10 RS1 172.25.254.20 RS2
[root@RSX ~]# dnf install httpd -y
[root@RSX ~]# systemctl enable --now httpd
[root@RSX ~]# echo 172.25.254.20 > /var/www/html/index.html
#测试 在Nginx主机中
[root@Nginx ~]# curl 172.25.254.10
172.25.254.10
[root@Nginx ~]# curl 172.25.254.20
172.25.254.20反向代理实现
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26[root@RS2 ~]# mkdir /var/www/html/web
[root@RS2 ~]# echo 172.25.254.20 web > /var/www/html/web/index.html
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
proxy_pass http://172.25.254.10:80;
}
location /web {
proxy_pass http://172.25.254.20:80;
}
}
[root@Nginx ~]# nginx -s reload
#测试
[root@Nginx ~]# curl 172.25.254.20/web/
172.25.254.20 web
[root@Nginx ~]# curl 172.25.254.10
172.25.254.10proxy_hide_header / proxy_pass_header 配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62[Administrator.DESKTOP-VJ307M3] ➤ curl -v lee.timinglee.org
* Trying 172.25.254.100:80...
* TCP_NODELAY set
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.65.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1
< Date: Tue, 03 Feb 2026 06:31:03 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Keep-Alive: timeout=100
< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT
< ETag: "e-649e570e8a49f" #可以看到ETAG信息
< Accept-Ranges: bytes
<
172.25.254.10
* Connection #0 to host lee.timinglee.org left intact
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
proxy_pass http://172.25.254.10:80;
proxy_hide_header ETag;
}
location /web {
proxy_pass http://172.25.254.20:80;
}
}
[root@Nginx ~]# nginx -s reload
#测试
[Administrator.DESKTOP-VJ307M3] ➤ curl -v lee.timinglee.org
* Trying 172.25.254.100:80...
* TCP_NODELAY set
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.65.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1
< Date: Tue, 03 Feb 2026 06:33:11 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Keep-Alive: timeout=100
< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT
< Accept-Ranges: bytes
<
172.25.254.101
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62[Administrator.DESKTOP-VJ307M3] ➤ curl -v lee.timinglee.org
* Trying 172.25.254.100:80...
* TCP_NODELAY set
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.65.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1 #默认访问不透传server信息
< Date: Tue, 03 Feb 2026 06:35:35 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Keep-Alive: timeout=100
< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT
< Accept-Ranges: bytes
<
172.25.254.10
* Connection #0 to host lee.timinglee.org left intact
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
proxy_pass http://172.25.254.10:80;
proxy_pass_header Server;
}
location /web {
proxy_pass http://172.25.254.20:80;
}
}
[root@Nginx ~]# nginx -s reload
Administrator.DESKTOP-VJ307M3] ➤ curl -v lee.timinglee.org
* Trying 172.25.254.100:80...
* TCP_NODELAY set
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.65.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 03 Feb 2026 06:37:25 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Keep-Alive: timeout=100
< Server: Apache/2.4.62 (Red Hat Enterprise Linux) #透传结果
< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT
< Accept-Ranges: bytes
<
172.25.254.10
* Connection #0 to host lee.timinglee.org left intact客户端真实信息透传
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29[root@RS1 ~]# vim /etc/httpd/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined
[root@RS1 ~]# systemctl restart httpd
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
proxy_pass http://172.25.254.10:80;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /web {
proxy_pass http://172.25.254.20:80;
}
[root@Nginx ~]# nginx -s reload
[Administrator.DESKTOP-VJ307M3] ➤ curl lee.timinglee.org
172.25.254.10
[root@RS1 ~]# cat /etc/httpd/logs/access_log
172.25.254.100 - - [03/Feb/2026:14:47:37 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.65.0" "172.25.254.1"
5.2 动静分离(反向代理实现)
实验机环境准备
1
2
3
4
5
6
7
8
9
10#在10中
[root@RS1 ~]# dnf install php -y
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]# vim /var/www/html/index.php
<?php
echo "<h2>172.25.254.10</h2>";
phpinfo();
?>动静分离功能实现
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
proxy_pass http://172.25.254.20:80;
}
location ~* \.(php|js)$ {
proxy_pass http://172.25.254.10:80;
}
}
[root@Nginx ~]# nginx -s reload测试:
5.3 缓存加速配置
未启用缓存的基准压测
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55[Administrator.DESKTOP-VJ307M3] ➤ ab -n 10000 -c 50 lee.timinglee.org/index.php
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking lee.timinglee.org (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests
Server Software: nginx/1.28.1
Server Hostname: lee.timinglee.org
Server Port: 80
Document Path: /index.php
Document Length: 72921 bytes
Concurrency Level: 50
Time taken for tests: 13.678 seconds
Complete requests: 10000
Failed requests: 9963 #失败的
(Connect: 0, Receive: 0, Length: 9963, Exceptions: 0)
Total transferred: 731097819 bytes
HTML transferred: 729237819 bytes
Requests per second: 731.10 [#/sec] (mean)
Time per request: 68.390 [ms] (mean)
Time per request: 1.368 [ms] (mean, across all concurrent requests)
Transfer rate: 52197.72 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 7 4.0 6 26
Processing: 4 61 168.8 44 3405
Waiting: 2 38 129.9 26 3316
Total: 5 68 168.7 51 3405
Percentage of the requests served within a certain time (ms)
50% 51
66% 61
75% 68
80% 71
90% 83
95% 92
98% 105
99% 506
100% 3405 (longest request)缓存加速规则与策略配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;
server {
listen 80;
server_name lee.timinglee.org;
location / {
proxy_pass http://172.25.254.20:80;
}
location ~* \.(php|js)$ {
proxy_pass http://172.25.254.10:80;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 1m;
}
}
[root@Nginx ~]# systemctl restart nginx.service
[root@Nginx ~]# tree /usr/local/nginx/proxy_cache/
/usr/local/nginx/proxy_cache/
0 directories, 0 files
#测试
[Administrator.DESKTOP-VJ307M3] ➤ ab -n 10000 -c 50 lee.timinglee.org/index.php
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking lee.timinglee.org (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests
Server Software: nginx/1.28.1
Server Hostname: lee.timinglee.org
Server Port: 80
Document Path: /index.php
Document Length: 72925 bytes
Concurrency Level: 50
Time taken for tests: 4.365 seconds
Complete requests: 10000
Failed requests: 0
Total transferred: 731110000 bytes
HTML transferred: 729250000 bytes
Requests per second: 2290.76 [#/sec] (mean)
Time per request: 21.827 [ms] (mean)
Time per request: 0.437 [ms] (mean, across all concurrent requests)
Transfer rate: 163554.31 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 4 1.8 4 11
Processing: 4 18 31.3 15 734
Waiting: 1 9 30.7 5 726
Total: 6 22 31.2 20 734
Percentage of the requests served within a certain time (ms)
50% 20
66% 21
75% 21
80% 22
90% 27
95% 32
98% 41
99% 46
100% 734 (longest request)
[root@Nginx ~]# tree /usr/local/nginx/proxy_cache/
/usr/local/nginx/proxy_cache/
└── 1
└── af
└── 15
└── e251273eb74a8ee3f661a7af00915af1
3 directories, 1 file
5.4 负载均衡配置
实验环境准备
1
2
3172.25.254.100 #Nginx 代理服务器
172.25.254.10 #后端web A,Apache部署
172.25.254.20 #后端web B,Apache部署基础负载均衡实现
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62[root@Nginx ~]# mkdir /usr/local/nginx/conf/upstream/
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
events {
worker_connections 10000;
use epoll;
accept_mutex on;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
include "/usr/local/nginx/conf/upstream/*.conf"; #子配置目录
[root@Nginx ~]# vim /usr/local/nginx/conf/upstream/loadbalance.conf
upstream webserver {
server 172.25.254.10:80 weight=1 fail_timeout=15s max_fails=3;
server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3;
server 172.25.254.100:8888 backup;
}
server {
listen 80;
server_name www.timinglee.org;
location ~ / {
proxy_pass http://webserver;
}
}
[root@Nginx ~]# mkdir /webdir/timinglee.org/error/html -p
[root@Nginx ~]# echo error > /webdir/timinglee.org/error/html/index.html
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 8888;
root /webdir/timinglee.org/error/html;
}
#测试:
[root@Nginx ~]# curl www.timinglee.org
172.25.254.10
[root@Nginx ~]# curl www.timinglee.org
172.25.254.20
[root@Nginx ~]# curl www.timinglee.org
172.25.254.10
[root@Nginx ~]# curl www.timinglee.org
172.25.254.20
[root@Nginx ~]# curl www.timinglee.org
172.25.254.20
[root@Nginx ~]# curl www.timinglee.org
172.25.254.20
[root@RS1+2 ~]# systemctl stop httpd
[root@Nginx ~]# curl www.timinglee.org
error负载均衡调度算法详解
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26[root@Nginx ~]# vim /usr/local/nginx/conf/upstream/loadbalance.conf
upstream webserver {
#ip_hash;
#hash $request_uri consistent;
#least_conn;
hash $cookie_lee;
server 172.25.254.10:80 weight=1 fail_timeout=15s max_fails=3;
server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3;
#server 172.25.254.100:8888 backup;
}
server {
listen 80;
server_name www.timinglee.org;
location ~ / {
proxy_pass http://webserver;
}
}
#
[root@Nginx ~]# curl -b lee=20 www.timinglee.org
[root@Nginx ~]# curl www.timinglee.org/web1/index.html
[root@Nginx ~]# curl www.timinglee.org/
5.5 四层负载均衡代理
MySQL/DNS 实验环境准备
mysql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43[root@RS1 ~]# dnf install mariadb-server -y
[root@RS2 ~]# dnf install mariadb-server -y
[root@RS1 ~]# vim /etc/my.cnf.d/mariadb-server.cnf
server-id=10
[root@RS2 ~]# vim /etc/my.cnf.d/mariadb-server.cnf
server-id=20
[root@RS1 ~]# systemctl enable --now mariadb
[root@RS2 ~]# systemctl enable --now mariadb
[root@RS1 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.5.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE USER lee@'%' IDENTIFIED BY 'lee';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL ON *.* TO lee@'%';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]>
[root@RS2 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.5.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE USER lee@'%' IDENTIFIED BY 'lee';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL ON *.* TO lee@'%';
Query OK, 0 rows affected (0.001 sec)dns
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102[root@RS1 ~]# dnf install bind -y
[root@RS2 ~]# dnf install bind -y
[root@RS1 ~]# vim /etc/named.conf
[root@RS2 ~]# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; };
dnssec-validation no;
[root@RS1 ~]# vim /etc/named.rfc1912.zones
[root@RS2 ~]# vim /etc/named.rfc1912.zones
zone "timinglee.org" IN {
type master;
file "timinglee.org.zone";
allow-update { none; };
};
[root@RS1 ~]# cd /var/named/
[root@RS2 ~]# cd /var/named/
[root@RS1 named]# cp -p named.localhost timinglee.org.zone
[root@RS2 named]# cp -p named.localhost timinglee.org.zone
[root@RS1 named]# vim timinglee.org.zone
$TTL 1D
@ IN SOA dns.timingle.org. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.timinglee.org.
dns A 172.25.254.10
[root@RS2 named]# vim timinglee.org.zone
$TTL 1D
@ IN SOA dns.timingle.org. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.timinglee.org.
dns A 172.25.254.20
[root@RS2 named]# systemctl enable --now named
#测试
[root@RS1 named]# dig dns.timinglee.org @172.25.254.10
; <<>> DiG 9.16.23-RH <<>> dns.timinglee.org @172.25.254.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24486
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4bb88849cac36aa4010000006982fef4676bf81574ab80b7 (good)
;; QUESTION SECTION:
;dns.timinglee.org. IN A
;; ANSWER SECTION:
dns.timinglee.org. 86400 IN A 172.25.254.10
;; Query time: 3 msec
;; SERVER: 172.25.254.10#53(172.25.254.10)
;; WHEN: Wed Feb 04 16:10:28 CST 2026
;; MSG SIZE rcvd: 90
[root@RS1 named]# dig dns.timinglee.org @172.25.254.20
; <<>> DiG 9.16.23-RH <<>> dns.timinglee.org @172.25.254.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42456
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7c088d4822b8f1c1010000006982fef9047f3812bdaf7c0e (good)
;; QUESTION SECTION:
;dns.timinglee.org. IN A
;; ANSWER SECTION:
dns.timinglee.org. 86400 IN A 172.25.254.20
;; Query time: 1 msec
;; SERVER: 172.25.254.20#53(172.25.254.20)
;; WHEN: Wed Feb 04 16:10:33 CST 2026
;; MSG SIZE rcvd: 90TCP 协议四层负载配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58[root@Nginx conf]# mkdir /usr/local/nginx/conf/tcp -p
[root@Nginx conf]# mkdir /usr/local/nginx/conf/udp -p
[root@Nginx conf]# vim /usr/local/nginx/conf/nginx.conf
include "/usr/local/nginx/conf/tcp/*.conf";
[root@Nginx conf]# vim /usr/local/nginx/conf/tcp/mariadb.conf
stream {
upstream mysql_server {
server 172.25.254.10:3306 max_fails=3 fail_timeout=30s;
server 172.25.254.20:3306 max_fails=3 fail_timeout=30s;
}
server {
listen 172.25.254.100:3306;
proxy_pass mysql_server;
proxy_connect_timeout 30s;
proxy_timeout 300s;
}
}
[root@Nginx conf]# nginx -s reload
#检测
[root@Nginx ~]# mysql -ulee -plee -h172.25.254.100
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.5.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SELECT @@server_id;
+-------------+
| @@server_id |
+-------------+
| 10 |
+-------------+
1 row in set (0.001 sec)
MariaDB [(none)]> quit
Bye
[root@Nginx ~]# mysql -ulee -plee -h172.25.254.100
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.5.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SELECT @@server_id;
+-------------+
| @@server_id |
+-------------+
| 20 |
+-------------+
1 row in set (0.001 sec)UDP 协议四层负载配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75[root@Nginx ~]# vim /usr/local/nginx/conf/tcp/mariadb.conf
stream {
upstream mysql_server {
server 172.25.254.10:3306 max_fails=3 fail_timeout=30s;
server 172.25.254.20:3306 max_fails=3 fail_timeout=30s;
}
upstream dns_server{
server 172.25.254.10:53 max_fails=3 fail_timeout=30s;
server 172.25.254.20:53 max_fails=3 fail_timeout=30s;
}
server {
listen 172.25.254.100:3306;
proxy_pass mysql_server;
proxy_connect_timeout 30s;
proxy_timeout 300s;
}
server {
listen 172.25.254.100:53 udp;
proxy_pass dns_server;
proxy_timeout 1s;
proxy_responses 1;
error_log logs/dns.log;
}
}
[root@Nginx ~]# nginx -s reload
#测试
[root@Nginx ~]# dig dns.timinglee.org @172.25.254.100
; <<>> DiG 9.16.23-RH <<>> dns.timinglee.org @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32224
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 9ac742ccc566d4450100000069830452db8dce1f1b224c9f (good)
;; QUESTION SECTION:
;dns.timinglee.org. IN A
;; ANSWER SECTION:
dns.timinglee.org. 86400 IN A 172.25.254.10
;; Query time: 2 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Feb 04 16:33:22 CST 2026
;; MSG SIZE rcvd: 90
[root@Nginx ~]# dig dns.timinglee.org @172.25.254.100
; <<>> DiG 9.16.23-RH <<>> dns.timinglee.org @172.25.254.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2259
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7f9ffa4884c0b685010000006983045565fd892fc72c5514 (good)
;; QUESTION SECTION:
;dns.timinglee.org. IN A
;; ANSWER SECTION:
dns.timinglee.org. 86400 IN A 172.25.254.20
;; Query time: 2 msec
;; SERVER: 172.25.254.100#53(172.25.254.100)
;; WHEN: Wed Feb 04 16:33:25 CST 2026
;; MSG SIZE rcvd: 90
6 整合应用
6.1 Nginx 与 PHP 服务整合
1 | [root@Nginx conf.d]# mkdir /webdir/timinglee.org/php/html -p |
6.2 PHP 源码编译
PHP 源码包下载与解压
1
2
3
4
5
6
7
8
9
10[root@Nginx ~]# wget https://www.php.net/distributions/php-8.3.30.tar.gz
[root@Nginx ~]# wget https://mirrors.aliyun.com/rockylinux/9.7/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm #依赖
[root@Nginx ~]# tar zxf php-8.3.30.tar.gz
[root@Nginx ~]# ls
anaconda-ks.cfg lee.png nginx-1.29.4.tar.gz test.c
daolian.png nginx-1.28.1 php-8.3.30
echo-nginx-module-0.64 nginx-1.28.1.tar.gz php-8.3.30.tar.gz
echo-nginx-module-0.64.tar.gz nginx-1.29.4 test
[root@Nginx ~]# cd php-8.3.30源码编译与安装
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29[root@Nginx ~]# dnf install gcc systemd-devel-252-51.el9.x86_64 libxml2-devel.x86_64 sqlite-devel.x86_64 libcurl-devel.x86_64 libpng-devel.x86_64 oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm -y
[root@Nginx ~]# cd php-8.3.30/
[root@Nginx php-8.3.30]# ./configure \
--prefix=/usr/local/php \ #安装路径
--with-config-file-path=/usr/local/php/etc \ #指定配置路径
--enable-fpm \ #用cgi方式启动程序
--with-fpm-user=nginx \ #指定运行用户身份
--with-fpm-group=nginx \
--with-curl \ #打开curl浏览器支持
--with-iconv \ #启用iconv函数,转换字符编码
--with-mhash \ #mhash加密方式扩展库
--with-zlib \ #支持zlib库,用于压缩http压缩传输
--with-openssl \ #支持ssl加密
--enable-mysqlnd \ #mysql数据库
--with-mysqli \
--with-pdo-mysql \
--disable-debug \ #关闭debug功能
--enable-sockets \ #支持套接字访问
--enable-soap \ #支持soap扩展协议
--enable-xml \ #支持xml
--enable-ftp \ #支持ftp
--enable-gd \ #支持gd库
--enable-exif \ #支持图片元数据
--enable-mbstring \ #支持多字节字符串
--enable-bcmath \ #打开图片大小调整,用到zabbix监控的时候用到了这个模块
--with-fpm-systemd #支持systemctl 管理cgi
[root@Nginx php-8.3.30]# make && make instsallPHP 基础配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31[root@Nginx php-8.3.30]# cd /usr/local/php/etc
[root@Nginx etc]# cp -p php-fpm.conf.default php-fpm.conf
[root@Nginx etc]# vim php-fpm.conf
[global]
; Pid file
; Note: the default prefix is /usr/local/php/var
; Default Value: none
pid = run/php-fpm.pid
[root@Nginx etc]# cd php-fpm.d/
[root@Nginx php-fpm.d]# cp www.conf.default www.conf
[root@Nginx php-fpm.d]# vim www.conf
41 listen = 0.0.0.0:9000
[root@Nginx php-fpm.d]# cp /root/php-8.3.30/php.ini-production /usr/local/php/etc/php.ini
[root@Nginx php-fpm.d]# vim /usr/local/php/etc/php.ini
989 date.timezone = Asia/Shangha
[root@Nginx ~]# cp /root/php-8.3.30/sapi/fpm/php-fpm.service /lib/systemd/system/
[root@Nginx ~]# vim /lib/systemd/system/php-fpm.service
# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
#ProtectSystem=full #注释此参数
[root@Nginx ~]# systemctl daemon-reload
[root@Nginx ~]# systemctl enable --now php-fpm
[root@Nginx ~]# netstat -antlupe | grep php
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 0 329917 165562/php-fpm: masPHP 系统环境变量配置
1
2
3
4
5[root@Nginx ~]# vim ~/.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/sbin:/usr/local/php/bin
[root@Nginx ~]# source ~/.bash_profile
[root@Nginx ~]# php -m
6.3 Nginx + Memcache 高速缓存
Nginx 重新编译(添加对应模块)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20[root@Nginx ~]# systemctl stop nginx.service
[root@Nginx ~]# cp /usr/local/nginx/conf/ /mnt/ -r
[root@Nginx ~]# rm -fr /usr/local/nginx/
[root@Nginx ~]# rm -rf nginx-1.29.4 nginx-1.28.1
[root@Nginx ~]# tar zxf nginx-1.28.1.tar.gz
[root@Nginx ~]# cd nginx-1.28.1/
[root@Nginx ~]# tar zxf srcache-nginx-module-0.33.tar.gz
[root@Nginx ~]# tar zxf memc-nginx-module-0.20.tar.gz
[root@Nginx ~]# cd nginx-1.28.1/
[root@Nginx nginx-1.28.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64 --add-module=/root/memc-nginx-module-0.20 --add-module=/root/srcache-nginx-module-0.33
[root@Nginx nginx-1.28.1]# make && make install
[root@Nginx ~]# cd /usr/local/nginx/conf
[root@Nginx conf]# rm -fr nginx.conf
[root@Nginx conf]# cp /mnt/conf/nginx.conf /mnt/conf/conf.d/ . -r
[root@Nginx conf]# systemctl start nginx.serviceMemcache 服务整合配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33[root@Nginx conf]# vim /usr/local/nginx/conf/conf.d/php.conf
upstream memcache {
server 127.0.0.1:11211;
keepalive 512;
}
server {
listen 80;
server_name php.timinglee.org;
root /webdir/timinglee.org/php/html;
index index.php index.html;
location /memc {
internal;
memc_connect_timeout 100ms;
memc_send_timeout 100ms;
memc_read_timeout 100ms;
set $memc_key $query_string;
set $memc_exptime 300;
memc_pass memcache;
}
location ~ \.php$ {
set $key $uri$args;
srcache_fetch GET /memc $key;
srcache_store PUT /memc $key;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
[root@Nginx conf]# nginx -s reload
#测试
[root@Nginx conf]# ab -n 10000 -c500 http://php.timinglee.org/example.php
7 扩展工具
7.1 OpenResty 编译安装与基础使用
1 | [root@Nginx src]#wget https://openresty.org/download/openresty-1.27.1.2.tar.gz |
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来源 Yumi-an!
相关推荐
评论
公告
📝 本博客架构
⚙️ 框架:Hexo
🦋 主题:Butterfly
