nginx

• 什么是 nginx
• 为什么要用 nginx
• 安装
  • 命令行安装
  • source code installation
• 启动和使用
• web 服务配置
  • 配置示例-负载均衡
  • 配置示例-变量代理
  • websocket 代理
  • 代理 port range
  • redirect
• 文件服务器配置
• 其他
• nginx 认证
• 参考资料

什么是 nginx

参考这篇文章: https://www.cnblogs.com/wcwnina/p/8728391.html

为什么要用 nginx

1. 反向代理: web 服务分布式部署, nginx 作为唯一的访问入口, 将请求分发到各个服务器上
2. 负载均衡: 可以为各个服务器分配权重
3. 文件服务

安装

参照官方文档, 两种方式

命令行安装

参照: https://nginx.org/en/linux_packages.html
命令行安装需要 root, 安装后也需要 root 权限启动.
在实际工作过程中, 可能也没有命令行权限来安装.
所以, 如果只给当前用户安装, 可以用源码安装, 如下:

source code installation

1. 下载安装包
   这个页面下有安装包: https://nginx.org/en/download.html
   我们可以选择稳定版, 如果是在图形化界面的服务器, 那么点击就可以下载.
   如果是远端服务器, 只有 shell, 那么在所需要的版本上右键 copy link address, 然后用 wget 下载.
   我们可以下载到当前用户的根目录下

   $ cd ~
   $ wget https://nginx.org/download/nginx-1.22.0.tar.gz
   

2. 解压缩

   $ tar xvf nginx-1.22.0.tar.gz
   $ cd nginx-1.22.0
   

3. installation
   https://nginx.org/en/docs/configure.html

   # 配置, 有很多选项, 参照上面的文档
   # 我只配置了prefix在当前目录下的build, 之后安装的可执行文件和配置文件都在这个目录下
   # 默认的配置是/usr/local/nginx, 需要root权限
   # prefix path should be absolute
   $ ./configure --prefix=/home/yangle/nginx-1.22.0/build
   # 编译
   $ make
   # 安装
   $ make install
   

4. Installation error solution:

   • error: C compiler cc is not found

     https://stackoverflow.com/questions/18076157/why-does-configure-say-no-c-compiler-found-when-gcc-is-installed

     $ yum groupinstall "Development Tools"
     

   • ./configure: error: the HTTP rewrite module requires the PCRE library.

     Lack of PCRE library, we can get the source code from the official website http://pcre.org/

       $ wget wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.bz2
       $ tar xvf pcre-8.39.tar.bz2
       $ cd pcre-8.39/
       $ ./configure
       $ make
       $ make install
     

     Under ubuntu, you can simply install it with apt:

     sudo apt-get install libpcre3-dev
     

     https://blog.cpming.top/p/nginx-http-rewrite-module-requires-pcre

   • ./configure: error: the HTTP gzip module requires the zlib library.

     缺少 zlib 库，我们用源码安装，从官网http://zlib.net/获取下载地址

     $ wget http://zlib.net/zlib-1.2.11.tar.gz
     $ tar xvf zlib-1.2.11.tar.gz
     $ cd zlib-1.2.11/
     $ ./configure
     $ make
     $ make install
     

   • error: C compiler cc is not found

     https://stackoverflow.com/questions/18076157/why-does-configure-say-no-c-compiler-found-when-gcc-is-installed

     $ yum groupinstall "Development Tools"
     

启动和使用

以上面的源码安装为例来说明, 安装在了/home/yangle/nginx-1.22.0/build下, nginx 可执行文件在这个路径下的 sbin 下, 所以执行命令是:

~/nginx-1.22.0/build/sbin/nginx

可能会报错:

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

这是因为配置文件里默认的对外端口是 80, 当前用户没有权限, 可以修改一下配置文件, 配置文件在哪里呢? 也在安装路径下, 也可以执行命令来显示配置文件路径:

$ ~/nginx-1.22.0/build/sbin/nginx -t
nginx: the configuration file /home/yangle/nginx-1.22.0/build/conf/nginx.conf syntax is ok
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
nginx: configuration file /home/yangle/nginx-1.22.0/build/conf/nginx.conf test failed

然后我们编辑配置文件, 将 listen 80 端口改成其他比如 5000, 8000 等端口. 然后就可以启动了.
我们可以把 nginx 文件软链接到/usr/local/bin下, 这样执行的时候就不用输入一大串路径了:

sudo ln -s ~/nginx-1.22.0/build/sbin/nginx /usr/local/bin/

其他 nginx 的使用方法可以用nginx -h查看:

$ nginx -h
nginx version: nginx/1.22.0
Usage: nginx [-?hvVtTq] [-s signal] [-p prefix]
             [-e filename] [-c filename] [-g directives]

Options:
  -?,-h         : this help
  -v            : show version and exit
  -V            : show version and configure options then exit
  -t            : test configuration and exit
  -T            : test configuration, dump it and exit
  -q            : suppress non-error messages during configuration testing
  -s signal     : send signal to a master process: stop, quit, reopen, reload
  -p prefix     : set prefix path (default: /etc/nginx/)
  -e filename   : set error log file (default: /var/log/nginx/error.log)
  -c filename   : set configuration file (default: /etc/nginx/nginx.conf)
  -g directives : set global directives out of configuration file

比如停止就是: nginx -s stop
修改了配置文件重新加载: nginx -s reload

config

we can use nginx -t to find the conf file’s location, if we have too many conf, put them in one file is not a good idea, we can use include to include other conf files.

http {
  ...

  include /etc/nginx/conf.d/*.conf;
}

simple static web server

react app build html file, we can use nginx to serve it.

server {
    listen       3000;
    server_name  simu;

    location / {
        root   /home/apollo/simu/web/build;
        try_files $uri /index.html;
        proxy_buffering off;

        add_header Cache-Control "no-store max-age=0";
    }
}

web load balance

这里有多台服务器部署多个 python web 服务, 用 gunicorn 启动, 端口是 8888
nginx 可部署在单独的一个服务器上, 作为反向代理, 从 nginx 这一个入口访问, 转发到其他多个服务器的 web 服务

upstream backend{
    server 192.168.199.101:8888 weight=1 max_fails=2 fail_timeout=30s;
    server 192.168.199.102:8888 weight=2 max_fails=2 fail_timeout=30s;
}

server {
    listen 80;
    server_name  exam.aisino.com;

    access_log /home/work/nginx/logs/ksxing.com.log milog;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass backend;
    }
}

配置示例-变量代理

# (\d+)是正则表达式, 所以前面需要用~
# (\d{4})就可以当作$1参数
location ~ "/dvplay/(\d{4})$" {
    proxy_pass http://127.0.0.1:$1/;
}

websocket 代理

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 5000;
        server_name localhost;

        location ~ "/dvwebsocket/(\d{4})/(\w+)" {
            proxy_pass http://127.0.0.1:$1/$2;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
    }
}

代理 port range

server {
  listen       5100-5199;
  server_name  dvplay;

  location  ~ "/(.*)" {
      proxy_pass  http://192.168.199.102:$server_port/$1;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $host;
  }
}

redirect

server {
  listen 8802;
  server_name redirect-to-140;
  return 301 $scheme://103.61.153.140:8802$request_uri;
}

文件服务器配置

https://www.nginx.com/resources/admin-guide/serving-static-content/

http://www.jianshu.com/p/95602720e7c8

配置实例：

# 这样配置后, localhost:5000就可以访问dist下的文件了
server {
    listen       5000;
    server_name  localhost;

    location / {
      root /home/yangle/Documents/apollo/modules/dreamview/frontend/dist;
      add_header Access-Control-Allow-Origin *;
      autoindex on;
    }
}

如果我们想自定义 url 呢, 比如/play 对应 dist 下的文件, 那么, root 要改成 alias

location /play/ {
    add_header Access-Control-Allow-Origin *;
    autoindex on;
    alias /home/yangle/Documents/apollo/modules/dreamview/frontend/dist;
    default_type text/plain;
}

if file is text file but extend name is not .txt, it will be download if we click it, we can use default_type text/plain; to solve this problem.

其他

• 502 错误举例

  访问页面出现 502 错误

  所有错误信息解决的思路都应该是查看日志，配置文件里有错误日志的文件路径，错误信息如下：

  nginx permission denied while connecting to upstream
  

  解决办法参照: https://stackoverflow.com/questions/23948527/13-permission-denied-while-connecting-to-upstreamnginx

  下面的命令可解决此问题：

  $ setsebool -P httpd_can_network_connect 1
  

nginx 认证

可以限制页面访问: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
示例配置:

server {
    listen       5301;
    server_name  test1;

    auth_basic           "Administrator’s Area";
    auth_basic_user_file /home/apollo/nginx-1.22.0/apache2/.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:8801/;
    }
}

参考资料

https://zhuanlan.zhihu.com/p/34943332

https://www.cnblogs.com/wcwnina/p/8728391.html

https://nginx.org/en/docs/configure.html

http://williamx.blog.51cto.com/3629295/958398

http://www.runoob.com/linux/nginx-install-setup.html

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-6-with-yum