Nginx

来自lfzyx
跳转至: 导航搜索

Nginx(发音同engine x)是一款由俄罗斯程序员Igor Sysoev所开发轻量级的网页服务器、反向代理服务器以及电子邮件(IMAP/POP3)代理服务器。整体采用模块化设计是nginx的一个重大特点,甚至http服务器核心功能也是一个模块。要注意的是:nginx的模块是静态的,添加和删除模块都要对nginx进行重新编译,这一点与Apache的动态模块完全不同。[1]

安装[编辑]

编译[编辑]

# yum install gcc pcre-devel zlib-devel | # apt-get install libpcre3-dev zlib1g-dev
# wget http://nginx.org/download/nginx-1.5.8.tar.gz[2]
# tar zxvf nginx-1.5.8.tar.gz 
# cd nginx-1.5.8 
# useradd nginx
# ./configure 
# make
# make install

选项[编辑]

运行./configure 时可用的选项[3]

 --help                             列出选项列表
 --prefix=PATH                      安装路径,默认为 /usr/local/nginx
 --sbin-path=PATH                   二进制可执行文件路径,默认为<prefix>/sbin/nginx
 --conf-path=PATH                   nginx.conf路径,默认为<prefix>/conf/nginx.conf
 --error-log-path=PATH              错误日志路径,默认为<prefix>/logs/error.log
 --pid-path=PATH                    nginx.pid 路径,默认为<prefix>/logs/nginx.pid
 --lock-path=PATH                   nginx.lock 路径,默认为<prefix>/logs/nginx.lock
 --user=USER                        为 worker processes 设定非特权用户,默认为 nobody
 --group=GROUP                      为 worker processes 设定非特权组,默认为 nobody
 --builddir=DIR                     设置构建目录
 --with-rtsig_module                enable rtsig module
 --with-select_module               enable select module
 --without-select_module            disable select module
 --with-poll_module                 enable poll module
 --without-poll_module              disable poll module
 --with-file-aio                    enable file AIO support
 --with-ipv6                        enable IPv6 support
 --with-http_ssl_module             enable ngx_http_ssl_module  需要安装 OpenSSL library  # yum install openssl-devel | # apt-get install libssl-dev
 --with-http_spdy_module            enable ngx_http_spdy_module
 --with-http_realip_module          enable ngx_http_realip_module
 --with-http_addition_module        enable ngx_http_addition_module
 --with-http_xslt_module            enable ngx_http_xslt_module  需要安装 libxml2/libxslt libraries # yum install libxslt-devel | # apt-get install libxslt1-dev
 --with-http_image_filter_module    enable ngx_http_image_filter_module 需要安装 GD library # yum install gd-devel | # apt-get install libgd2-xpm-dev
 --with-http_geoip_module           enable ngx_http_geoip_module 需要安装 GeoIP library # yum install GeoIP-devel | # apt-get install libgeoip-dev
 --with-http_sub_module             enable ngx_http_sub_module
 --with-http_dav_module             enable ngx_http_dav_module
 --with-http_flv_module             enable ngx_http_flv_module
 --with-http_mp4_module             enable ngx_http_mp4_module
 --with-http_gunzip_module          enable ngx_http_gunzip_module
 --with-http_gzip_static_module     enable ngx_http_gzip_static_module
 --with-http_auth_request_module    enable ngx_http_auth_request_module
 --with-http_random_index_module    enable ngx_http_random_index_module
 --with-http_secure_link_module     enable ngx_http_secure_link_module
 --with-http_degradation_module     enable ngx_http_degradation_module
 --with-http_stub_status_module     enable ngx_http_stub_status_module
 --without-http_charset_module      disable ngx_http_charset_module
 --without-http_gzip_module         disable ngx_http_gzip_module
 --without-http_ssi_module          disable ngx_http_ssi_module
 --without-http_userid_module       disable ngx_http_userid_module
 --without-http_access_module       disable ngx_http_access_module
 --without-http_auth_basic_module   disable ngx_http_auth_basic_module
 --without-http_autoindex_module    disable ngx_http_autoindex_module
 --without-http_geo_module          disable ngx_http_geo_module
 --without-http_map_module          disable ngx_http_map_module
 --without-http_split_clients_module disable ngx_http_split_clients_module
 --without-http_referer_module      disable ngx_http_referer_module
 --without-http_rewrite_module      disable ngx_http_rewrite_module
 --without-http_proxy_module        disable ngx_http_proxy_module
 --without-http_fastcgi_module      disable ngx_http_fastcgi_module
 --without-http_uwsgi_module        disable ngx_http_uwsgi_module
 --without-http_scgi_module         disable ngx_http_scgi_module
 --without-http_memcached_module    disable ngx_http_memcached_module
 --without-http_limit_conn_module   disable ngx_http_limit_conn_module
 --without-http_limit_req_module    disable ngx_http_limit_req_module
 --without-http_empty_gif_module    disable ngx_http_empty_gif_module
 --without-http_browser_module      disable ngx_http_browser_module
 --without-http_upstream_ip_hash_module
                                    disable ngx_http_upstream_ip_hash_module
 --without-http_upstream_least_conn_module
                                    disable ngx_http_upstream_least_conn_module
 --without-http_upstream_keepalive_module
                                    disable ngx_http_upstream_keepalive_module
 --with-http_perl_module            enable ngx_http_perl_module 需要安装 perl # yum install perl-ExtUtils-Embed | # apt-get install libperl-dev
 --with-perl_modules_path=PATH      set Perl modules path
 --with-perl=PATH                   set perl binary pathname
 --http-log-path=PATH               set http access log pathname
 --http-client-body-temp-path=PATH  http 客户端请求的临时文件路径,默认为<prefix>/client_body_temp
 --http-proxy-temp-path=PATH        http 代理的临时文件路径,默认为<prefix>/proxy_temp
 --http-fastcgi-temp-path=PATH      http fastcgi 的临时文件路径,默认为<prefix>/fastcgi_temp
 --http-uwsgi-temp-path=PATH        http uwsgi 的临时文件路径
 --http-scgi-temp-path=PATH         http scgi 的临时文件路径
 --without-http                     disable HTTP server
 --without-http-cache               disable HTTP cache
 --with-mail                        enable POP3/IMAP4/SMTP proxy module
 --with-mail_ssl_module             enable ngx_mail_ssl_module
 --without-mail_pop3_module         disable ngx_mail_pop3_module
 --without-mail_imap_module         disable ngx_mail_imap_module
 --without-mail_smtp_module         disable ngx_mail_smtp_module
 --with-google_perftools_module     enable ngx_google_perftools_module 需要安装 Google perftools library # yum install gperftools-devel | # apt-get install libgoogle-perftools-dev
 --with-cpp_test_module             enable ngx_cpp_test_module 需要安装c++ # yum install gcc-c++ | # apt-get install libstdc++6-4.7-dev
 --add-module=PATH                  enable an external module
 --with-cc=PATH                     C编译器路径
 --with-cpp=PATH                    C预处理器路径
 --with-cc-opt=OPTIONS              额外的C编译器选项
 --with-ld-opt=OPTIONS              额外的连接器选项
 --with-cpu-opt=CPU                 指定编译的CPU, 有效值:
                                    pentium, pentiumpro, pentium3, pentium4,
                                    athlon, opteron, sparc32, sparc64, ppc64
 --without-pcre                     disable PCRE library usage
 --with-pcre                        force PCRE library usage
 --with-pcre=DIR                    set path to PCRE library sources
 --with-pcre-opt=OPTIONS            set additional build options for PCRE
 --with-pcre-jit                    build PCRE with JIT compilation support
 --with-md5=DIR                     set path to md5 library sources
 --with-md5-opt=OPTIONS             set additional build options for md5
 --with-md5-asm                     use md5 assembler sources
 --with-sha1=DIR                    set path to sha1 library sources
 --with-sha1-opt=OPTIONS            set additional build options for sha1
 --with-sha1-asm                    use sha1 assembler sources
 --with-zlib=DIR                    set path to zlib library sources
 --with-zlib-opt=OPTIONS            set additional build options for zlib
 --with-zlib-asm=CPU                use zlib assembler sources optimized
                                    for the specified CPU, valid values:
                                    pentium, pentiumpro
 --with-libatomic                   force libatomic_ops library usage
 --with-libatomic=DIR               set path to libatomic_ops library sources
 --with-openssl=DIR                 set path to OpenSSL library sources
 --with-openssl-opt=OPTIONS         set additional build options for OpenSSL
 --with-debug                       启用调试日志

示例[编辑]

依据apt/yum的标准编译
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -fstack-protector --param=ssp-buffer-size=4 -Wp,-D_FORTIFY_SOURCE=2'


开启所有模块
./configure --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_degradation_module --with-google_perftools_module --with-http_perl_module --with-cpp_test_module --with-pcre-jit --with-debug

apt/yum[编辑]

CentOS

创建文件 /etc/yum.repos.d/nginx.repo,并包含以下内容:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/OSRELEASE/$basearch/ 
gpgcheck=0
enabled=1

根据操作系统的版本,将 OSRELEASE 替换为 "5" 或 "6" ,分别代表 5.x 或 6.x

yum install nginx

Debian

# wget http://nginx.org/keys/nginx_signing.key
# apt-key add nginx_signing.key

编辑/etc/apt/sources.list,加入以下内容:

deb http://nginx.org/packages/mainline/debian/ codename nginx 
deb-src http://nginx.org/packages/mainline/debian/ codename nginx 

根据操作系统的版本,将codename替换成 squeeze 或者 wheezy

apt-get update 
apt-get install nginx

配置[编辑]

user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 16384;

event[编辑]

events {
   worker_connections  2048;
   multi_accept on;
   use epoll;
}

http[编辑]

include       /etc/nginx/mime.types;
default_type  application/octet-stream;
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
sendfile        on;
tcp_nopush on;
keepalive_timeout  65;
server_tokens off;
gzip  on;
gzip_min_length 1000;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml text/javascript;
client_max_body_size 20M;
client_body_buffer_size 1024k;
include /etc/nginx/conf.d/*.conf;

server[编辑]

listen	80;
server_name	localhost;
access_log  PATH  main;
#跳转https
listen	80;
server_name localhost;
return 301 https://localhost$request_uri;

ssl模块[编辑]

listen	443 ssl default;
server_name  localhost;
ssl_certificate      PATH../ssl.crt;
ssl_certificate_key  PATH../ssl.key;
ssl_protocols  SSLv3 TLSv1;
ssl_prefer_server_ciphers   on;
ssl_session_cache   shared:ssl:5M;

location[编辑]

location / {
 root   PATH;
 index  index.html index.htm;
    }

php[编辑]

location / {
root   PATH;
index  index.php index.html index.htm;
location ~ \.php$ {
       root   PATH;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass   unix:/var/run/php5-fpm.sock;
       fastcgi_index  index.php;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       fastcgi_buffers 256 4k;
       include        fastcgi_params;
   }
 }
# set expiration of assets to MAX for caching
location ~* .(ico|css|js|gif|jpe?g|png)(?[0-9]+)?$ {
expires max;
}
#proxy
location / {
       proxy_pass http://localhost:8081;
       index index.html index.htm index.jsp default.jsp index.action index.do default.action default.do;
       proxy_redirect	    off;
       proxy_set_header    X-Real-IP $remote_addr;
       proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_buffers       128 32k;
       proxy_buffer_size   32k;		
  }

获取IP[编辑]

proxy_set_header    real $remote_addr;
proxy_set_header    forwarded $proxy_add_x_forwarded_for;
<%
out.println("x-real-ip: " + request.getHeader("real"));
out.println("x-forwarded-for: " + request.getHeader("forwarded"));
%>


<?php 
printf ( $_SERVER["REMOTE_ADDR"] )  ; 
printf ( $_SERVER["REMOTE_PORT"] )  ; 
printf ( $_SERVER["SERVER_ADDR"] )  ; 
printf ( $_SERVER["HTTP_USER_AGENT"] )  ; 
?>

模块[编辑]

http://www.howtocn.org/nginx:nginx模块参考手册中文版

参考文献[编辑]

  1. wiki
  2. nginx: download
  3. 编译选项