See Also awk

Nginx

Nginx(发音同engine x)是一款由俄罗斯程序员Igor Sysoev所开发轻量级的网页服务器、反向代理服务器以及电子邮件(IMAP/POP3)代理服务器。

起初是供俄国大型的门户网站及搜索引擎Rambler(俄语:Рамблер)使用。此软件BSD-like协议下发行,可以在UNIX、GNU/Linux、BSD、Mac OS X、Solaris,以及Microsoft Windows等操作系统中运行。

Nginx可以方便的集成Php/Python等动态语言。

1. 二次开发

二次开发

Embed the power of Lua into Nginx

2. Installation

2.1. 服务集成

2.2. CommandLine

https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/

Options

-?, -h

Print help.

-v

Print version.

-V

Print NGINX version, compiler version and configure parameters.

-t

Don’t run, just test the configuration file. NGINX checks configuration for correct syntax and then try to open files referred in configuration.

-q

Suppress non-error messages during configuration testing.

-s signal

Send signal to a master process: stop, quit, reopen, reload. (version >= 0.7.53)

-p prefix

Set prefix path (default: /usr/local/nginx/). (version >= 0.7.53)

-c filename

Specify which configuration file NGINX should use instead of the default.

-gdirectives

Set global directives. (version >= 0.7.4)

nginx -s stop

fast shutdown

nginx -s quit

graceful shutdown

nginx -s reload

changing configuration, starting new worker processes with a new configuration, graceful shutdown of old worker processes

nginx -s reopen

re-opening log files

2.3. Load on Mac Start

http://wiki.summercode.com/running_homebrewed_nginx_with_sudo_on_mac_os_x

set user in nginx.conf: user liyan admin;

edit /srv/www/moin/etc/homebrew.mxcl.nginx.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs//
PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>homebrew.mxcl.nginx</string>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/opt/nginx/sbin/nginx</string>
        <string>-g</string>
        <string>daemon off;</string>
    </array>
    <key>WorkingDirectory</key>
    <string>/usr/local</string>
  </dict>
</plist>

# remove user key&value in homebrew.mxcl.nginx.plist
sudo ln -sfv /srv/www/moin/etc/homebrew.mxcl.nginx.plist /System/Library/LaunchDaemons/homebrew.mxcl.nginx.plist 
# sudo ln -sfv /srv/www/moin/etc/homebrew.mxcl.nginx.plist /Library/LaunchAgents/homebrew.mxcl.nginx.plist
sudo chown root homebrew.mxcl.nginx.plist
#sudo launchctl load -w /Library/LaunchAgents/homebrew.mxcl.nginx.plist
sudo launchctl load -w /System/Library/LaunchDaemons/homebrew.mxcl.nginx.plist
sudo launchctl unload /System/Library/LaunchDaemons/homebrew.mxcl.nginx.plist

3. Usage

http://wiki.nginx.org/Configuration

3.1. 基本配置

/usr/sbin/groupadd www
/usr/sbin/useradd -g www www

user       www www;  ## Default: nobody
worker_processes  auto;  ## Default: 1
error_log  logs/error.log;
pid        logs/nginx.pid;

# worker_processes可以打开的文件句柄数量-大于ulimit -a
worker_rlimit_nofile 8192;
 
events {
  # 对应worker_rlimit_nofile
  worker_connections  8192;  ## Default: 1024
}
 
http {
  include    conf/mime.types;
  index    index.html index.htm index.php;
  
  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
      '"$request" $body_bytes_sent "$http_referer" '
      '"$http_user_agent" "$http_x_forwarded_for"';
  access_log   logs/access.log  main;
  sendfile     on;
  tcp_nopush   on;
  server_names_hash_bucket_size 128; # this seems to be required for some vhosts
  
  server {
  listen       80  default_server;
    server_name  localhost;

    charset utf-8;

    location / {         
      index  index.html index.htm;
      root   /srv/www/html;
    }

    location /status {
      stub_status on; # compile with --with-http_stub_status_module, refer to http://wiki.nginx.org/HttpStubStatusModule
      access_log   off;
      allow 127.0.0.1;
      deny all;
    }

    location /music {
      autoindex on; # http://wiki.nginx.org/HttpAutoindexModule
      autoindex_exact_size off;
      alias /opt/e_disk/Music;
    }
  }
}

3.1.1. 访问控制:允许/禁止IPs

Refer to Nginx#ngx_http_access_module

        #deny ad info from FuJian dianxin(ban all 110.89.133.*)
        deny 110.89.133.0/24;

3.1.2. Php Samples

3.1.3. Python via uWSGI

3.1.4. FastCGI examples

3.1.5. 反向代理配置

Nginx反向代理邮件协议配置

参考:

3.1.6. More Samples

3.2. Trouble Shooting

3.2.1. 413 error fix

Nginx出现“413 Request Entity Too Large”错误解决方法

#在http字段里加入如下字段
client_max_body_size 2m;

4. Modules

http://wiki.nginx.org/Modules

4.1. Core functionality

参考:

# 自动检查CPU个数,1worker/核
worker_processes auto;
# worker_processes可以打开的文件句柄数量-大于ulimit -a
worker_rlimit_nofile 204800;
events {
        # 对应worker_rlimit_nofile
        worker_connections 204800;
        # worker process will accept all new connections at a time
        multi_accept on;
}

4.1.1. error log config

http://nginx.org/en/docs/ngx_core_module.html#error_log

Syntax:         error_log file [level];
Default:        error_log logs/error.log error;
Context:        main, http, mail, stream, server, location

4.2. ngx_http_core_module

http://nginx.org/en/docs/http/ngx_http_core_module.html

http {
        # don't show the nginx version
        server_tokens   off;
        # use kernel method
        sendfile        on;
        sendfile_max_chunk 64K;
        # sending a file in full packets with sendfile enabled
        tcp_nopush      on;

        ...
}

4.2.1. alias vs. root

alias包含本地映射目录;root不包含

                location /static {
                        alias  /srv/www/console/static; #local static
                }

                location /static {
                        root  /srv/www/console; #local static
                }

4.3. ngx_http_access_module

http://nginx.org/en/docs/http/ngx_http_access_module.html

4.3.1. Sample Config

从上到下的顺序,类似iptables。匹配到了便跳出。如上的例子先禁止了192.16.1.1,接下来允许了3个网段,其中包含了一个ipv6,最后未匹配的IP全部禁止访问。

location / {
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny  all;
}

4.3.2. Directives

Syntax:         allow address | CIDR | unix: | all;
Default:        —
Context:        http, server, location, limit_except

Syntax:         deny address | CIDR | unix: | all;
Default:        —
Context:        http, server, location, limit_except

4.4. ngx_http_realip_module

参考:

这个模块不是默认编译的,需要在编译时添加参数:--with-http_realip_module

4.4.1. Sample Config

location / {
    # 限制参数生效的范围,指定elb的IP范围
    set_real_ip_from   10.0.0.0/8;
    real_ip_header     X-Forwarded-For;
    proxy_pass       http://localhost:8000;
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $realip_remote_addr;
    proxy_connect_timeout 10s;
    proxy_send_timeout 1s;
    proxy_read_timeout 1s;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
}

4.4.2. Directives

Syntax:         set_real_ip_from address | CIDR | unix:;
Default:        —
Context:        http, server, location

4.5. Nginx 模块实践

5. Reference


CategoryTool

MainWiki: Nginx (last edited 2013-03-12 15:48:56 by twotwo)