解析
概念:请求转发、负载均衡、动静分离
请求转发:根据请求路径,转发到相应的服务器
负载均衡:请求到来,根据一定的规则(如:轮循)分配给不同的服务器
发现两个nginx
使用
nginx.exe -s stop
nginx.exe -s reload代理模式
正向代理
代理客户端
翻墙:无法直接访问国外的网站,通过正向代理,让能访问外网的服务器去访问网站,将反问道的数据传递给我们,屏蔽真实客户端消息
用途:
- 访问无法访问的资源
- 缓存,加速访问
- 访问授权,上网认证
- 记录用户上网行为,隐藏用户信息
反向代理
代理服务器
分布式部署下,隐藏服务器信息
作用:
- 保证内网安全,公网为访问地址,实际在内网
- 负载均衡
调度算法
weight轮询:逐一分配,如果宕机则会剔除服务器,分配weight
ip_hash:根据客户端ip hash,固定后端服务,解决session共享
fair:智能调度,响应时间短的邮箱分配,但是默认不支持,需要upstream_fair模块
url_hash:根据url,hash,url固定某个服务器,nginx作为静态服务器可以提高缓存效率
配置
详细配置
########### 每个指令必须有分号结束。#################
#user administrator administrators; #配置用户或者组,默认为nobody nobody。
#worker_processes 2; #允许生成的进程数,默认为1
#pid /nginx/pid/nginx.pid; #指定nginx进程运行文件存放地址
error_log log/error.log debug; #制定日志路径,级别。这个设置可以放入全局块,http块,server块,级别以此为:debug|info|notice|warn|error|crit|alert|emerg
events {
accept_mutex on; #设置网路连接序列化,防止惊群现象发生,默认为on
multi_accept on; #设置一个进程是否同时接受多个网络连接,默认为off
#use epoll; #事件驱动模型,select|poll|kqueue|epoll|resig|/dev/poll|eventport
worker_connections 1024; #最大连接数,默认为512
}
http {
include mime.types; #文件扩展名与文件类型映射表
default_type application/octet-stream; #默认文件类型,默认为text/plain
#access_log off; #取消服务日志
log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #自定义格式
access_log log/access.log myFormat; #combined为日志格式的默认值
sendfile on; #允许sendfile方式传输文件,默认为off,可以在http块,server块,location块。
sendfile_max_chunk 100k; #每个进程每次调用传输数量不能大于设定的值,默认为0,即不设上限。
keepalive_timeout 65; #连接超时时间,默认为75s,可以在http,server,location块。
upstream mysvr { # 进行负载均衡
server 127.0.0.1:7878;
server 192.168.10.121:3333 backup; #热备
}
error_page 404 https://www.baidu.com; #错误页
# 1. 放在一起
server {
keepalive_requests 120; #单连接请求上限次数。
listen 4545; #监听端口
server_name 127.0.0.1 mingyuefusu.cn *.mingyuefusu.cn; #监听地址
location ~*^.+$ { #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。
#root path; #根目录
#index vv.txt; #设置默认页
proxy_set_header Host $host; # 转发会丢掉原域名,让其加上
proxy_pass http://mysvr; #请求转向mysvr 定义的服务器列表
deny 127.0.0.1; #拒绝的ip
allow 172.18.5.54; #允许的ip
proxy_redirect off;
proxy_set_header Host $host; # 传递域名
proxy_set_header X-Real-IP $remote_addr; # 传递ip
proxy_set_header X-Scheme $scheme; # 传递协议
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# 2.分开
include /etc/nginx/conf.d/*.conf;
}项目配置
url加/,表示绝对根路径
没有/,表示相对路径
http://192.168.1.1/proxy/test.html
# 第一种:
location /proxy/ {
proxy_pass http://127.0.0.1/;
}
# 代理到URL:http://127.0.0.1/test.html
# 第二种 最后少一个 /
location /proxy/ {
proxy_pass http://127.0.0.1;
}
# 代理到URL:http://127.0.0.1/proxy/test.html
# 第三种:
location /proxy/ {
proxy_pass http://127.0.0.1/aaa/;
}
# 代理到URL:http://127.0.0.1/aaa/test.html
# 第四种 最后少一个 /
location /proxy/ {
proxy_pass http://127.0.0.1/aaa;
}
# 代理到URL:http://127.0.0.1/aaatest.htmlserver {
server_name example.com;
location /mail/ {
proxy_pass http://example.com:protmail/;
}
location /com/ {
proxy_pass http://example.com:portcom/main/;
}
location / {
proxy_set_header Host $host;
proxy_pass http://example.com:portdefault;
}
}- 将
http://example.com/mail/下的请求转发到http://example.com:portmail/ - 将
http://example.com/com/下的请求转发到http://example.com:portcom/main/ - 将其它所有请求转发到
http://example.com:portdefault/
如果代理服务器地址中是带有URI的,此URI会替换掉 location 所匹配的URI部分。
而如果代理服务器地址中是不带有URI的,则会用完整的请求URL来转发到代理服务器。
http://example.com/mail/index.html->http://example.com:portmail/index.htmlhttp://example.com/com/index.html->http://example.com:portcom/main/index.htmlhttp://example.com/mail/static/a.jpg->http://example.com:portmail/static/a.jpghttp://example.com/com/static/b.css->http://example.com:portcom/main/static/b.csshttp://example.com/other/index.htm->http://example.com:portdefault/other/index.htm
匹配规则
留空,在留空的情况下,配置表示请求路径由location_match开始。=,表示精确匹配。只有请求的url路径与后面的字符串完全相等时,才会命中。~,表示区分大小写的正则匹配。~*,表示不区分大小写的正则匹配。^~,表示如果该符号后面的字符是最佳匹配,采用该规则,不再进行后续的查找
当有多条 location 规则时,nginx 有一套比较复杂的规则,优先级如下:
- 精确匹配
= - 前缀匹配
^~(立刻停止后续的正则搜索) - 按文件中顺序的正则匹配
~或~* - 匹配不带任何修饰的前缀匹配。
正则匹配,顺序有关
备份
nginx
library
server {
listen 80;
server_name library.mingyuefusu.cn;
location ~ .$ #所有页面均交由tomcat处理
{
proxy_pass http://192.168.0.3:8080;#转向tomcat处理
}
}单独
server {
listen 80;
server_name www.mingyuefusu.cn;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /var/www/tpblog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www/tpblog/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name test.mingyuefusu.cn;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /var/www/html/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www/html/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name blog.mingyuefusu.cn;
location / {
root /var/www/blog;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name wx.mingyuefusu.cn;
location / {
root /var/www/wx/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/wx/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name nav.mingyuefusu.cn;
location / {
root /var/www/nav;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/nav;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name design.mingyuefusu.cn;
server_name_in_redirect on;
#root /usr/java/apache-tomcat-9.0.34/webapps/ROOT/WEB-INF;
#root /var/www/java;
location ~ .$ #所有页面均交由tomcat处理
{
proxy_pass http://localhost:8080;#转向tomcat处理
}
}
server {
listen 80;
server_name shop.mingyuefusu.cn;
server_name_in_redirect on;
location / {
root /var/www/shop;
index index.html index.htm index.php;
}
}
server {
listen 80;
server_name recruit.mingyuefusu.cn;
location / {
root /var/www/ticknet_recruit/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/ticknet_recruit/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name art.mingyuefusu.cn;
location / {
root /var/www/artsign/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/artsign/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name nginx01.mingyuefusu.cn;
server_name_in_redirect on;
#root /usr/java/apache-tomcat-9.0.34/webapps/ROOT/WEB-INF;
#root /var/www/java;
location ~ .$ #所有页面均交由tomcat处理
{
proxy_pass http://121.89.163.222;#转向tomcat处理
}
}
所有页面指向
location / {
root /var/www/acm;
index index.html;
try_files $uri /index.html;
}docker
server {
listen 80;
server_name dockertest.mingyuefusu.cn;
charset utf-8;
location / {
root /usr/share/nginx/html/blog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass myphp:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/blog/public$fastcgi_script_name;
# fastcgi_param SCRIPT_FILENAME /var/www/html/tp_blog/public$fastcgi_script_name;
include fastcgi_params;
}
}
常用
动静分离
location /static/ {
root /usr/share/nginx/html
}PHP
location / {
root /usr/share/nginx/html/blog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass myphp:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/blog/public$fastcgi_script_name;
include fastcgi_params;
} mysql
修改/etc/nginx/nginx.conf
#增加stream配置,开启stream模块
http{
xxxxxxxxxx
}
#stream模块和http模块是并列级别的,所以stream要写在http{}外边
stream {
log_format basic '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time';
access_log /var/log/nginx/stream-access.log basic buffer=32k;
# 为了让这个配置文件简单一些,将配置stream放入到/etc/nginx/conf.d,并以.stream做后缀名。
# 需要为每个端口创建一个.stream做后缀名的配置文件
include /etc/nginx/conf.d/*.stream;
}stream {
upstream mysql {
# localhost 可修改为对应的 IP 地址
# 3306 可修改为对应的数据库端口
# weight 权重
server localhost:3306 weight=1 max_fails=3 fail_timeout=30s;
}
server {
# 监听的端口
listen 10000;
proxy_connect_timeout 10s;
proxy_timeout 30s;
proxy_pass mysql;
}
}kubesphere
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 80;
server_name localhost 192.168.1.13;
location / {
# root D:/Environment/nginx-1.18.0/conf/conf.d;
# index index.html index.htm index.php;
proxy_set_header Host $host;
# proxy_pass http://127.0.0.1:8083;
proxy_pass http://192.168.56.100:30880;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 86400;
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
#proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}