Nginx 是非常流行的 HTTP/HTTPS 服务器软件,它也可以作为反向代理服务器,邮件代理服务器,可以用于负载均衡,缓存等等。

Nginx 有两个主要的分支可供安装,stable 和 mainline 。这两个分支的主要区别可以从下图看出:

nginx two branchs

stable 分支并不意味着比 mainline 更加稳定可靠,事实上 mainline 更加稳定,因为 Nginx 开发人员会把所有的 bugfixes 都提交到该分支,而只会把 major bugfixes 提交到 stable 分支。然而另一方面,在 stable 分支的提交很少会影响到第三方模块,而在 mainline 上面的开发可能更快所有的新特性,更新,bugs,都会可能对第三方模块造成影响。

Nginx 官方 建议可以在任何时候使用 mainline 分支。而在生产环境使用 stable 分支。

installation

Use following command to install:

sudo apt-get install nginx
nginx -V

all config file is under /etc/nginx/nginx.conf

all vhost is under /etc/nginx/sites-available

program file is under /usr/sbin/nginx

log file is under /var/log/nginx , name of log file is access.log and error.log

init script has been created under /etc/init.d/

start from nginx 1.4.1, the default vhost direcotory is under /usr/share/nginx/html/

apt-get install nginx the config file is under /etc/nginx/site-available/default/

user data can be found in conf file.

sudo nginx -t to test and print log.

manage nginx

start nginx

sudo service nginx start

stop nginx

sudo service nginx stop

other parameters:

reload        restart       start         status        stop

nginx files and path

content

/usr/share/nginx/html/: actual web content, this path can be changed by altering Nginx configuration file.

默认 Ubuntu 16.04 会将 nginx 托管的地址指向 /var/www/html/ 目录。

server configuration

/etc/nginx: The nginx configuration directory. All of the configuration files reside here.

/etc/nginx/sites-available/: The directory where per-site “server blocks” can be stored. Nginx will not use the configuration files found in this directory unless they are linked to the sites-enabled directory (see below). Typically, all server block configuration is done in this directory, and then enabled by linking to the other directory.

/etc/nginx/sites-enabled/: The directory where enabled per-site “server blocks” are stored. Typically, these are created by linking to configuration files found in the sites-available directory.

log

/var/log/nginx/access.log: Every request to your web server is recorded in this log file unless Nginx is configured to do otherwise.

/var/log/nginx/error.log: Any Nginx errors will be recorded in this log.

nginx conf

nginx conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

user
Defines which Linux user will own and run the nginx. Most Debian-based distributions use www-data.

worker_process
Defines how many threads, or simultaneous instances, of nginx to run. Learn more here

pid
Defines where nginx will write its master process ID, or PID.

设置 Nginx Server Blocks

Server Blocks 类似 Apache Virtual Hosts 概念,作用就是通过配置让同一台机器同时托管多个域名。

首先创建目录

sudo mkdir -p /var/www/www.einverne.info/html
sudo chmod -R 755 /var/www/

如果组和用户不是 www-data ,可以用 sudo chown -R www-data:www-data /var/www/www.einverne.info/html 来改变

默认情况下 nginx 包含一个 server block —- default , 创建其他 server block的时候可以以它作为模板

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/www.einverne.info

然后修改该配置

server {
    listen 80;
    listen [::]:80;

    root /var/www/www.einverne.info/html;
    index index.html index.htm index.nginx-debian.html;

    server_name www.einverne.info;

    location / {
        try_files $uri $uri/ =404;
    }
}

修改 vim /etc/nginx/nginx.conf

http {
    . . .

    server_names_hash_bucket_size 64;

    . . .
}

最后需要 ln 启用新的虚拟主机

sudo ln -s /etc/nginx/sites-available/www.einverne.info /etc/nginx/sites-enabled/

使用 sudo nginx -t 来测试配置。

重启 sudo /etc/init.d/nginx reload 启用新配置。

更多的 Nginx 配置相关内容可以查看新文章 Nginx conf

从源代码编译 Nginx 安装

获取 Nginx 最新版本 http://nginx.org/en/download.html 使用最新 mainline 版本即可

下载最新源代码,解压

wget http://nginx.org/download/nginx-1.13.6.tar.gz && tar zxvf nginx-1.13.6.tar.gz

下载安装依赖

以下内容都使用 root 安装 su -

apt-get install -y gcc g++ make automake build-essential

安装 PCRE 库,Nginx Core 和 Rewrite 模块提供正则支持

apt-get install libpcre3 libpcre3-dev

OpenSSL

sudo apt-get install openssl libssl-dev libperl-dev

zlib 库,提供 Gzip 模块支持,压缩headers

apt-get install -y zlib1g zlib1g-dev 

XML xslt

apt-get install libxslt-dev

GD Library

apt-get install libgd2-dev

GeoIP Library

apt-get install libgeoip-dev

使用 APT 源安装 Nginx,并查看版本 nginx -V

nginx -V
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads

Configure 后面的参数在编译时会需要用到

在反向代理中替换原网页内容,需要在编译时加入第三方模块 substitution

git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module

另一个方便快捷配置 Google 反代的模块

git clone https://github.com/cuber/ngx_http_google_filter_module

然后进入 Nginx 源代码目录

cd nginx-1.13.6/
./configure \
> --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads \
> --add-module=../ngx_http_substitutions_filter_module \
> --add-module=../ngx_http_google_filter_module

设置后,开始检查编译参数和环境,如果少了某些安装包,或者需要特定版本的lib就会报错,Google 一下需要的依赖包安装即可。安装之后再次 ./configure

检查通过显示

Configuration summary
  + using threads
  + using system PCRE library
  + using system OpenSSL library
  + using system zlib library

  nginx path prefix: "/usr/share/nginx"
  nginx binary file: "/usr/sbin/nginx"
  nginx modules path: "/usr/share/nginx/modules"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/lib/nginx/body"
  nginx http proxy temporary files: "/var/lib/nginx/proxy"
  nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
  nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi"
  nginx http scgi temporary files: "/var/lib/nginx/scgi"

./configure: warning: the "--with-ipv6" option is deprecated

然后编译

make
make install

然后将编译后的文件替换到发行版的安装目录

cp -rf objs/nginx /usr/sbin/nginx

检查 nginx -V 即可看到新编译的版本。

常用配置

Options Explanation
--prefix=<path> 安装的根目录,默认为 /usr/local/nginx
--sbin-path=<path> nginx 二进制文件路劲,如果没有设定,则使用 prefix 作为相对路劲
--conf-path=<path> 配置路径
--error-log-path=<path> 错误log
--pid-path=<path> nginx 写pid文件,通常在 /var/run
--lock-path=<path> 共享内存锁文件
--user=<user> 在哪个用户下运行 worker processes
--group=<group>
--with-debug 开启debug log 生产环境不要启用
--with-http_ssl_module 开启 HTTP SSL 模块,支持 HTTPS
--with-http_realip_module 开启真实来源IP
--with-http_flv_module 开启 flash 视频流
--with-http_mp4_module 开启 H.264/AAC 文件视频流
--with-http_gzip_static_module 开启预压缩文件传前检查,防止文件被重复压缩
--with-http_gunzip_module 开启为不支持 gzip 的客户端提前解压内容
--with-http_stub_status_module 开启 nginx 运行状态
--with_http_substitutions_filter_module 开启替换原网页内容

reference