此篇文章用于记录Nginx使用方面的说明

安装Nginx

源码安装

安装编译环境

# Compiler toolchain plus the development headers nginx is built against
# (PCRE, zlib, OpenSSL, GD, libxml2, uuid, GeoIP).
sudo apt-get install -y \
  build-essential \
  libpcre3 libpcre3-dev \
  zlib1g zlib1g-dev \
  libssl-dev \
  libgd-dev \
  libxml2 libxml2-dev \
  uuid-dev \
  libgeoip-dev

Nginx官网下载源码

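# Fetch the nginx 1.23.4 source, unpack it into ./nginx and enter that directory.
# The tree is compiled and then installed with elevated privileges, so the
# detached PGP signature is checked before anything is unpacked. gpg --verify
# fails (and the chain stops) unless the nginx signing key has already been
# imported from the keys published on nginx.org.
# mkdir refuses to reuse an existing ./nginx, so a stale tree is never mixed
# with the fresh one; --strip-components=1 drops the versioned top-level
# directory instead of renaming it through a glob.
wget -O nginx.tar.gz https://nginx.org/download/nginx-1.23.4.tar.gz \
  && wget -O nginx.tar.gz.asc https://nginx.org/download/nginx-1.23.4.tar.gz.asc \
  && gpg --verify nginx.tar.gz.asc nginx.tar.gz \
  && mkdir nginx \
  && tar -xzf nginx.tar.gz -C nginx --strip-components=1 \
  && rm -- nginx.tar.gz nginx.tar.gz.asc \
  && cd nginx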

设置编译参数

输入以下命令可以查看具体的编译参数

# Print the build options this source tree's configure script accepts.
./configure --help

常用的编译参数

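# Configure the build so that binaries, configuration and logs all live under
# /usr/local/nginx. The command must start with a plain "./": an invisible
# zero-width character in front of it makes the shell report "command not found".
./configure --prefix=/usr/local/nginx
# Compile, then install. Only the install step writes into the prefix and
# therefore needs permission to write there.
make && make install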

使用systemctl管理nginx

nginx.service文件编写

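# systemd unit for an nginx built from source with --prefix=/usr/local/nginx.
[Unit]
Description=nginx - high performance web server.
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
# Must name the file the nginx master really writes. With this prefix that is
# logs/nginx.pid under /usr/local/nginx, the same path the `pid` directive in
# the nginx.conf on this page uses. A PIDFile that does not match leaves
# systemd unable to track the master process.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Validate the configuration first so a broken nginx.conf fails the start
# instead of half-starting the service.
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
# `-s reload` re-reads the configuration. `-s reopen` only reopens log files,
# so with it a `systemctl reload` would silently leave config changes
# (including access-control changes) unapplied.
ExecReload=/usr/local/nginx/sbin/nginx -s reload
# `-s stop` is the fast shutdown; `-s quit` would let in-flight requests finish.
ExecStop=/usr/local/nginx/sbin/nginx -s stop
# Private /tmp and /var/tmp for the service.
PrivateTmp=true

[Install]
WantedBy=multi-user.target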

通过Apt安装Nginx

# Install the distribution's nginx package non-interactively (-y).
sudo apt install -y nginx

通过该方案安装的Nginx默认目录为 /etc/nginx

通过LNMP管理Nginx

LNMP的具体介绍参考官网: https://lnmp.org/

以下命令表示只安装Nginx

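# Download the LNMP 1.9 installer and use it to install nginx only.
# install.sh is executed as root and the archive travels over plain HTTP, so
# nothing authenticates it in transit. Pin a SHA-256 obtained from a trusted
# channel; sha256sum -c stops the chain on any mismatch, and the placeholder
# below fails closed until it is replaced.
expected_sha256='REPLACE_WITH_TRUSTED_SHA256'  # placeholder, not a real digest
wget http://soft.vpser.net/lnmp/lnmp1.9.tar.gz -cO lnmp1.9.tar.gz \
  && printf '%s  %s\n' "$expected_sha256" lnmp1.9.tar.gz | sha256sum -c - \
  && tar zxf lnmp1.9.tar.gz \
  && cd lnmp1.9 \
  && sudo bash ./install.sh nginx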

LNMP可以通过修改 /path/to/lnmp1.9/lnmp.conf 的nginx相关字段来修改编译参数

使用寄巧(技巧)

本人目前的nginx的编译参数如下

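# Build options the author currently uses, one per line so each enabled module
# is easy to audit; every flag is listed once.
# --user/--group set the default unprivileged account for worker processes;
# the www user and group must exist before nginx is started.
./configure \
  --user=www \
  --group=www \
  --prefix=/usr/local/nginx \
  --with-http_stub_status_module \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_gzip_static_module \
  --with-http_sub_module \
  --with-stream \
  --with-stream_ssl_module \
  --with-stream_ssl_preread_module \
  --with-http_realip_module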

nginx.conf

# Worker processes run as user www, group www.
user  www www;

# One worker per CPU core, with automatic CPU pinning.
worker_processes auto;
worker_cpu_affinity auto;

# Error log location.
# NOTE(review): level "crit" drops error- and warn-level messages, which is
# where upstream failures and denied requests are reported; confirm this is
# intended before relying on this log for detection.
error_log /var/log/nginx/nginx_error.log crit;

# PID file of the master process; a service manager's PIDFile must match it.
pid /usr/local/nginx/logs/nginx.pid;

# Per-worker open-file limit, set to the same value as worker_connections.
worker_rlimit_nofile 51200;

# Connection handling: epoll, up to 51200 connections per worker, one accept
# per event-loop wakeup, no accept mutex.
events {
    use epoll;
    worker_connections 51200;
    multi_accept off;
    accept_mutex off;
}

# TCP front end on :443 that routes by TLS SNI without terminating TLS.
stream {
    # Upstreams, both on loopback.
    upstream ssh {
        server 127.0.0.1:6000 max_fails=3 fail_timeout=10s;
    }
    upstream backend {
        server 127.0.0.1:6001 max_fails=3 fail_timeout=10s;
    }

    # SNI routing. The server name is read from the ClientHello; it is chosen
    # by the client and not authenticated at this layer, so it selects a route
    # but must not be treated as an access control.
    map $ssl_preread_server_name $backend_sni {
        ssh.example.com ssh;
        default backend;
    }

    server {
        listen 443 reuseport;
        ssl_preread on;
        # A PROXY protocol header is sent ahead of every proxied connection, so
        # whatever listens on 127.0.0.1:6000 and 127.0.0.1:6001 must expect it.
        proxy_protocol on;
        proxy_pass $backend_sni;
    }

    # Log format for stream sessions: client address, SNI, upstream and byte
    # counts.
    log_format proxy '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$ssl_preread_server_name" "$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log /var/log/nginx/stream_access.log proxy;
}

# HTTP layer behind the stream SNI proxy.
http {
    # Recover the real client address from the PROXY protocol header; without
    # this every request forwarded by the SNI proxy would be logged as
    # 127.0.0.1. Only loopback is trusted to supply that header.
    set_real_ip_from 127.0.0.1;
    real_ip_header proxy_protocol;
    port_in_redirect off;

    include mime.types;
    default_type application/octet-stream;

    # WebSocket: derive the Connection header value from the Upgrade header.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    sendfile on;
    sendfile_max_chunk 512k;
    tcp_nopush on;

    # NOTE(review): idle keep-alive connections are held for up to one day and
    # each one occupies a worker connection slot; confirm this is intended.
    keepalive_timeout 1d;

    tcp_nodelay on;

    # FastCGI timeouts and buffers.
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    # gzip compression.
    # NOTE(review): compressing TLS responses that combine secrets with
    # reflected request data is the precondition for BREACH; confirm for any
    # dynamic backend served through this config.
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;
    # Access logging is off by default; each server below enables its own log.
    access_log off;

    # Catch-all for plain HTTP: requests for unknown host names get 403.
    server {
        listen 80 default_server reuseport;
        #listen [::]:80 default_server ipv6only=on;
        server_name _;
        return 403;
        access_log /var/log/nginx/access.log;
    }

    # Catch-all for TLS traffic handed over by the stream proxy. Bound to
    # loopback, so only local processes can reach it and supply a PROXY header.
    server {
        listen 127.0.0.1:6001 proxy_protocol default_server;
        #listen [::]:6001 default_server ipv6only=on;
        server_name _ ;
        include cunoe.com-ssl.conf;
        return 403;
        access_log /var/log/nginx/access.log;
    }

    # Per-site configuration files.
    include conf.d/*.conf;
}

conf.d/template.conf

# Plain-HTTP virtual host: permanently redirect every request to HTTPS.
server {
    listen 80;
    server_name nginx.example.com;

    location / {
        return 301 https://$host$request_uri;
    }

    access_log /var/log/nginx/nginx.example.com.log;
}

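# HTTPS virtual host. It listens on loopback only and receives connections
# from the stream SNI proxy together with a PROXY protocol header.
server {
    listen 127.0.0.1:6001 proxy_protocol ssl http2;
    server_name nginx.example.com;
    include cunoe.com-ssl.conf;
    root /home/webroot/nginx.example.com;
    index index.html;

    # Common reverse proxy for a web application.
    location ^~ /test/ {
        proxy_pass http://127.0.0.1:8080/test/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to whatever X-Forwarded-For the client sent, so the backend
        # should trust only the last entry, which nginx added.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Common reverse proxy for WebSocket.
    location ^~ /ws/ {
        # NOTE(review): 0 removes the request-body size limit for this path.
        client_max_body_size 0;
        lingering_close always;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 3600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_pass http://127.0.0.1:8080/ws/;
    }

    # Common reverse proxy for gRPC.
    location ^~ /grpc.Service {
        grpc_set_header Host $host;
        grpc_set_header X-Real-IP $remote_addr;
        grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        grpc_socket_keepalive on;
        grpc_pass grpc://127.0.0.1:8081;
    }

    location / {
        # root, not alias: alias replaces the matched "/" prefix, so the rest
        # of the URI would be glued straight onto the directory name with no
        # separator. That breaks normal requests and lets a crafted path
        # resolve into a sibling directory whose name starts with the webroot's.
        root /home/webroot/nginx.example.com;
        index index.html;
    }

    # Allow /.well-known ahead of the dot-file rule below. The dot is escaped
    # and the pattern anchored so that only this path is exempted.
    location ~ ^/\.well-known(/|$) {
        allow all;
    }

    # Deny every other path that contains a dot-file or dot-directory.
    location ~ /\. {
        deny all;
    }

    access_log /var/log/nginx/nginx.example.com.log;
}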

Nginx Location 规则

Location的格式如下

location [modifier] [URI] {
...
...
}

Modifier

Nginx对不同的Modifier有不同的优先级,该表按照匹配的优先级排序

Modifier 名称 说明 Example
= 精确匹配 最高优先级,路径必须严格等于时才匹配到该语法块 location = /mod { … }
^~ 路径前缀匹配 正则匹配路径前缀且命中后不再进行进一步匹配 location ^~ /mod { … }
~* 不区分大小写的正则匹配 不区分大小写的正则匹配 location ~* /mod { … }
~ 正则匹配 正则匹配 location ~ /mod { … }
none 普通匹配 普通匹配 location /mod { … }