溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
user nginx nginx; # 啟動nginx工作進程的用戶和組,默認為nobody
worker_processes auto; # 啟動nginx工作進程的數量,默認為1
worker_cpu_affinity 0001 0010 0100 1000; #將Nginx?作進程綁定到指定的CPU核?,默認Nginx是不進?進程綁定的,綁定并不是意味著當前nginx進程獨占?核?CPU,但是可以保證此進程不會運?在其他核?上,這就極?減少了nginx的?作進程在不同的cpu核?上的來回跳轉,減少了CPU對進程的資源分配與回收以及內存管理等,因此可以有效的提升nginx服務器的性能,也可以設置為auto。
可以執行以下命令觀察工作進程是否一致運行在同一核CPU上
[root@CentOS7-01 ~]#watch -n1 'ps axo pid,cmd,psr,user | grep nginx|grep -v grep'
#錯誤?志記錄配置,語法:error_log file [debug | info | notice | warn | error | crit | alert | emerg]
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log error;
pid /run/nginx.pid; # pid文件保存路徑
worker_priority 0; # 工作進程nice值,-20~19
worker_rlimit_nofile 65536; #這個數字包括Nginx的所有連接(例如與代理服務器的連接等),?不僅僅是客戶端的連接,另?個考慮因素是實際的并發連接數不能超過系統級別的最?打開?件數的限制
daemon off; #前臺運?Nginx服務?于測試、docker等環境。
master_process off|on; #是否開啟Nginx的master-woker?作模式,僅?于開發調試場景。
events { #事件模型配置參數
worker_connections 65536; #設置單個?作進程的最?并發連接數
use epoll; #使?epoll事件驅動,Nginx?持眾多的事件驅動,?如select、poll、epoll,只能設置在events模塊中設置。
accept_mutex on; #優化同?時刻只有?個請求?避免多個睡眠進程被喚醒的設置,on為防?被同時喚醒,默認為off,全部喚醒的過程也成為"驚群",因此nginx剛安裝完以后要進?適當的優化。
multi_accept on; #Nginx服務器的每個?作進程可以同時接受多個新的?絡連接,但是需要在配置?件中配置,此指令默認為關閉,即默認為?個?作進程只能?次接受?個新的?絡連接,打開后即可同時接受多個。http {
include mime.types; #導入支持的文件類型
default_type application/octet-stream; #設置默認的類型,會提示下載不匹配的類型文件
#日志配置部分
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
#自定義優化參數
sendfile on; #實現文件零拷貝
#tcp_nopush on; #在開啟了sendfile的情況下,合并請求后統一發送給客戶端
#tcp_nodelay off; #在開啟了keepalived模式下的連接是否啟?TCP_NODELAY選項,當為off時,延遲0.2s發送,默認為on,不延遲發送,?即發送用戶響應報?。
#keepalive_timeout 0;
keepalive_timeout 65; #設置會話保持時間
#gzip on; #開啟文件壓縮
server {
listen 80; #設置監聽地址和端口
server_name localhost; #設置server name,可以以空格隔開寫多個并支持正則表達式
#charset koi8-r; #設置編碼格式,默認是俄語格式,可以改為utf-8
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html; #定義錯誤頁面
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1; #以http的?式轉發php請求到指定web服務器
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000; #以fastcgi的?式轉發php請求到php處理
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht { #拒絕web形式訪問指定?件,如很多的?站都是通過.htaccess?件來改變??的重定向等功能。
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server { #?定義虛擬server
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm; #指定默認???件,此指令由ngx_http_index_module模塊提供
# }
#}
# HTTPS server
#
#server { #https服務器配置
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}基于不同的IP、端口和域名實現不同功能的虛擬主機,依賴于核心模塊ngx_http_core_module實現。[root@CentOS7-01 ~]#mkdir /apps/nginx/conf/vhosts
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location / {
root html/pc;
}
}
[root@CentOS7-01 ~]#mkdir /apps/nginx/html/pc
[root@CentOS7-01 ~]#echo "pc web" > /apps/nginx/html/pc/index.html
[root@CentOS7-01 ~]#vim /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/vhosts/*.conf; #添加在http塊
[root@CentOS7-01 ~]#sed -i '1s/$/ pc.hechunping.tech/' /etc/hosts
訪問測試
[root@CentOS7-01 ~]#curl -i pc.hechunping.tech
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 12:07:55 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
pc web[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/mobile.conf
server {
listen 80;
server_name mobile.hechunping.tech;
location / {
root html/mobile;
}
}
[root@CentOS7-01 ~]#mkdir /apps/nginx/html/mobile
[root@CentOS7-01 ~]#echo "mobile web" > /apps/nginx/html/mobile/index.html
[root@CentOS7-01 ~]#sed -i '1s/$/ mobile.hechunping.tech/' /etc/hosts
[root@CentOS7-01 ~]#systemctl reload nginx
訪問測試
[root@CentOS7-01 ~]#curl -i mobile.hechunping.tech/index.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 12:05:26 GMT
Content-Type: text/html
Content-Length: 11
Last-Modified: Thu, 02 Jan 2020 12:04:43 GMT
Connection: keep-alive
ETag: "5e0ddc5b-b"
Accept-Ranges: bytes
mobile web[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location / {
root html/pc;
}
location /about {
root html/pc; #在pc目錄下,必須要有about這個目錄,否則訪問的時候會報404錯誤
}
}
[root@CentOS7-01 ~]#mkdir /apps/nginx/html/pc/about
[root@CentOS7-01 ~]#echo "about page ..." > /apps/nginx/html/pc/about/index.html
訪問測試
[root@CentOS7-01 ~]#curl -i pc.hechunping.tech/about/index.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 12:28:07 GMT
Content-Type: text/html
Content-Length: 15
Last-Modified: Thu, 02 Jan 2020 12:25:03 GMT
Connection: keep-alive
ETag: "5e0de11f-f"
Accept-Ranges: bytes
about page ...[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location / {
root html/pc;
}
location /alpc { #使?alias的時候uri后?如果加了"/"則下?的路徑配置必須加"/",否則訪問報錯
alias html/pc; #當訪問alpc的時候,會顯?alias定義的/apps/nginx/html/pc??的內容。
}
}
訪問測試
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#cat /apps/nginx/html/pc/index.html
pc web
[root@CentOS7-01 ~]#curl -i pc.hechunping.tech/alpc/index.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 02 Jan 2020 13:07:30 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
pc web1)alias指定的目錄是準確的,即location匹配訪問的path目錄下的文件直接是在alias指定的目錄下查找的,location匹配訪問的path目錄的名稱可以任意指定,該類型類似于Linux文件系統的軟連接功能;
2)alias虛擬配置目錄中,location匹配的path目錄后?如果加了"/",則alias指定的目錄后?也必須加"/",否則403
3)root指定的目錄是location匹配訪問的path目錄的父目錄,這個path目錄一定要是真實存在于root指定目錄下的子目錄;
4)root目錄配置中,location匹配的path目錄后面帶不帶"/",都不會影響訪問。語法規則: location [=|~|~*|^~] /uri/ { … }
= #?于標準uri前,需要請求字串與uri精確匹配,如果匹配成功就停?向下匹配并?即處理請求。
~ #?于標準uri前,表?包含正則表達式并且區分??寫,并且匹配
!~ #?于標準uri前,表?包含正則表達式并且區分??寫,并且不匹配
~* #?于標準uri前,表?包含正則表達式并且不區分?寫,并且匹配
!~* #?于標準uri前,表?包含正則表達式并且不區分??寫,并且不匹配
^~ #?于標準uri前,表?包含正則表達式并且匹配以什么開頭
$ #?于標準uri前,表?包含正則表達式并且匹配以什么結尾
\ #?于標準uri前,表?包含正則表達式并且轉義字符。可以轉. * ?等
* #?于標準uri前,表?包含正則表達式并且代表任意?度的任意字符在server部分使用location配置一個web界面,要求:當訪問nginx服務器的指定資源時,顯示指定html文件的內容
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location /test.html {
root /apps/nginx/html/mobile;
}
location = /test.html {
root /apps/nginx/html/pc;
}
}
[root@CentOS7-01 ~]#cat /apps/nginx/html/mobile/test.html
mobile location
[root@CentOS7-01 ~]#cat /apps/nginx/html/pc/test.html
pc location
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#curl pc.hechunping.tech/test.html
pc location
從上面的測試結果可以發現,返回的是精確匹配的內容只匹配以小寫html結尾的文件
[root@CentOS7-01 mobile]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location ~ \.html$ {
root /apps/nginx/html/mobile;
}
}
[root@CentOS7-01 mobile]#ls /apps/nginx/html/mobile/test.*
/apps/nginx/html/mobile/test.html /apps/nginx/html/mobile/test.Html
[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.html
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 13:37:42 GMT
Content-Type: text/html
Content-Length: 16
Last-Modified: Fri, 03 Jan 2020 12:53:04 GMT
Connection: keep-alive
ETag: "5e0f3930-10"
Accept-Ranges: bytes
[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.Html
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 03 Jan 2020 13:37:52 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive此模式無論是大小寫html結尾的文件都匹配,大小寫可以混合,通常使用此模式匹配用戶請求的靜態資源并繼續做下一步操作
[root@CentOS7-01 mobile]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location ~* \.html$ {
root /apps/nginx/html/mobile;
}
}
[root@CentOS7-01 mobile]#systemctl reload nginx
[root@CentOS7-01 mobile]#ls /apps/nginx/html/mobile/test.*
/apps/nginx/html/mobile/test.html /apps/nginx/html/mobile/test.Html
[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.html
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 13:44:08 GMT
Content-Type: text/html
Content-Length: 16
Last-Modified: Fri, 03 Jan 2020 12:53:04 GMT
Connection: keep-alive
ETag: "5e0f3930-10"
Accept-Ranges: bytes
[root@CentOS7-01 mobile]#curl --head pc.hechunping.tech/test.Html
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 13:44:14 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Fri, 03 Jan 2020 13:27:17 GMT
Connection: keep-alive
ETag: "5e0f4135-4"
Accept-Ranges: bytes只匹配以abc開頭的uri下的內容就結束搜索,而不會再匹配uri中包含abc對應目錄下的內容
[root@CentOS7-01 mobile]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location ^~ /abc {
root /apps/nginx/html/mobile;
}
location /babc {
root /apps/nginx/html/mobile;
}
}
[root@CentOS7-01 mobile]#cat /apps/nginx/html/mobile/abc/index.html
abc page
[root@CentOS7-01 mobile]#cat /apps/nginx/html/mobile/babc/index.html
babc page
[root@CentOS7-01 mobile]#systemctl reload nginx
[root@CentOS7-01 mobile]#curl pc.hechunping.tech/abc/
abc page[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location ~* \.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|wmf|js)$ {
root /apps/nginx/html/image;
}
}
[root@CentOS7-01 ~]#ls /apps/nginx/html/image/
1.jpg 2.jpg 3.png 4.jpEg Ab.jS timg.jpg
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/4.jpEg
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 14:11:07 GMT
Content-Type: image/jpeg
Content-Length: 16228
Last-Modified: Fri, 03 Jan 2020 14:03:22 GMT
Connection: keep-alive
ETag: "5e0f49aa-3f64"
Accept-Ranges: bytes
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/Ab.jS
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 14:11:18 GMT
Content-Type: application/javascript
Content-Length: 16228
Last-Modified: Fri, 03 Jan 2020 14:10:19 GMT
Connection: keep-alive
ETag: "5e0f4b4b-3f64"
Accept-Ranges: bytes
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/3.png
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2020 14:11:34 GMT
Content-Type: image/png
Content-Length: 16228
Last-Modified: Fri, 03 Jan 2020 14:03:11 GMT
Connection: keep-alive
ETag: "5e0f499f-3f64"
Accept-Ranges: bytes匹配優先級:=,^~,~/~*,/
location優先級:(location =) > (location 完整路徑) > (location ^~ 路徑) > (location ~,~* 正則順序) > (location 部分起始路徑) > (/)直接匹配?站根會加速Nginx訪問處理:
location = / {
......;
}
location / {
......;
}
靜態資源配置:
location ^~ /static/ {
......;
}
# 或者
location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ {
......;
}
多應?配置
location ~* /app1 {
......;
}
location ~* /app2 {
......;
}訪問控制基于模塊ngx_http_access_module實現,可以通過匹配客戶端源IP地址進?限制,這里只允許192.168.7.72這個ip訪問
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location /pc {
root /apps/nginx/html;
allow 192.168.7.72;
deny all;
}
}
訪問測試,192.168.7.72是另一臺Linux服務器的地址,這里分別在這臺Linux服務器和物理機上進行測試
Linux服務器
[root@CentOS7-02 ~]#ifconfig eth0 | awk -F"[ ]+" 'NR==2{print $3}'
192.168.7.72
[root@CentOS7-02 ~]#curl -i pc.hechunping.tech/pc/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 01:45:18 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
pc web
物理機
從訪問日志中可以發現403狀態碼
[root@CentOS7-01 ~]#tail -n1 -f /apps/nginx/logs/access.log
192.168.7.1 - - [04/Jan/2020:09:46:12 +0800] "GET /pc/ HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"1)生成密碼文件,可以使用兩種方法
方法1:使用htpasswd命令生成,需要安裝httpd-tools包
[root@CentOS7-01 ~]#yum -y install httpd-tools
[root@CentOS7-01 ~]#htpasswd -cb /apps/nginx/conf/.passwd user1 123456 #只有創建第一個用戶的時候需要加-c參數,后面新建用戶的時候不用加該參數,否則會覆蓋前面創建的用戶名密碼。
Adding password for user user1
[root@CentOS7-01 ~]#htpasswd -b /apps/nginx/conf/.passwd user2 123456
Adding password for user user2
[root@CentOS7-01 ~]#cat /apps/nginx/conf/.passwd
user1:$apr1$/4bSUD79$AUHF6.EYkLwW6pvtinl/N1
user2:$apr1$F1c./Mk9$k3LBFsZ.EFaTSU6PdMk5r1
方法2:使用openssl命令生成
[root@CentOS7-01 ~]#printf "user1:$(openssl passwd -crypt 123456)\n" > /apps/nginx/conf/.passwd
[root@CentOS7-01 ~]#printf "user2:$(openssl passwd -crypt 123456)\n" >> /apps/nginx/conf/.passwd #在創建第二個用戶的時候使用追加的方式,否則會覆蓋前面創建的用戶名密碼。
[root@CentOS7-01 ~]#cat /apps/nginx/conf/.passwd
user1:/p2JrkKzl2VvY
user2:.yQfiUOWOMJJE
2)配置nginx配置文件
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location /pc {
root /apps/nginx/html;
auth_basic "login password";
auth_basic_user_file /apps/nginx/conf/.passwd;
}
}
[root@CentOS7-01 ~]#systemctl reload nginx
3)訪問測試
在物理機進行訪問,訪問成功的話,在nginx的訪問日志中可以獲取到遠程用戶信息,如下
[root@CentOS7-01 ~]#tail -n1 -f /apps/nginx/logs/access.log
192.168.7.1 - user1 [04/Jan/2020:10:20:21 +0800] "GET /pc/ HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
當我們訪問一個不存在的頁面的時候,瀏覽器頁面通常會報一個大大的404 Not Found,這樣看起來顯然是很不友好的,所以可以通過自定義錯誤頁面的方式,把404錯誤定義成自己寫的內容
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
error_page 404 /error.html;
location = /error.html {
root html;
}
}
[root@CentOS7-01 ~]#echo "您訪問的頁面不見了~~~" > /apps/nginx/html/error.html
[root@CentOS7-01 ~]#systemctl reload nginx
訪問測試
默認情況下,日志存放的路徑是nginx安裝路徑的logs目錄下, 但是我們可以將各個業務的日志剝離開,這樣方便統計和管理
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
error_page 404 /error.html;
access_log /data/nginx/logs/pc.hechunping.tech/access.log;
error_log /data/nginx/logs/pc.hechunping.tech/error.log;
location = /error.html {
root html;
}
}
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#ls /data/nginx/logs/pc.hechunping.tech/
access.log error.logtry_files會按順序檢查?件是否存在,返回第?個找到的?件或?件夾(結尾加"/"表?為?件夾),如果所有?件或?件夾都找不到,會進??個內部重定向到最后?個參數。只有最后?個參數可以引起?個內部重定向,之前的參數只設置內部URI的指向。最后?個參數是回退URI且必須存在,否則會出現內部500錯誤。
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location /pc {
root html;
try_files $uri $uri/index.html $uri.html /pc/defautl.html;
}
}
[root@CentOS7-01 ~]#cat /apps/nginx/html/pc/defautl.html
pc default page ...
[root@CentOS7-01 ~]#systemctl reload nginx
訪問測試
當訪問的資源無法匹配前面的所有uri時,就會顯示defautl.html頁面的內容,如下圖
也可以將最后一個參數自定義為一個狀態碼,如下圖
keepalive_timeout number; #設定保持連接超時時?,0表?禁??連接,默認為75s,通常配置在http字段作為站點全局配置
keepalive_requests number; #在?次?連接上所允許請求的資源的最?數量,默認為100次
keepalive_timeout 65 65; #開啟?連接后,返回客戶端的會話保持時間為65s,單次?連接累計請求達到指定次數請求或65秒就會被斷開,后?的65表示發送給客戶端的響應報?頭部中顯?的超時時間設置為65s:如不設置客戶端將不顯?超時時間。
訪問測試
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech/pc
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:43:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
如果設置為0表?關閉會話保持功能,如下所示
curl -I pc.hechunping.tech/pc
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:45:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: close
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
keepalive_requests 2; #在一次長連接上所允許請求的資源的最大次數,這里設置為2,當達到兩次就會關閉本次長連接。
訪問測試
# 使用telnet命令測試
[root@CentOS7-01 ~]#telnet pc.hechunping.tech 80
Trying 127.0.0.1...
Connected to pc.hechunping.tech.
Escape character is '^]'.
GET /pc/index.html HTTP/1.1
HOST: pc.hechunping.tech
# 響應頭信息
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:48:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
# 頁面內容
pc web
GET /pc/index.html HTTP/1.1
HOST: pc.hechunping.tech
# 響應頭信息
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2020 07:49:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Last-Modified: Thu, 02 Jan 2020 11:32:27 GMT
Connection: close
ETag: "5e0dd4cb-7"
Accept-Ranges: bytes
# 頁面內容
pc web
Connection closed by foreign host. #請求資源的次數達到2次后,本次長連接關閉[root@CentOS7-01 download]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location /download {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
limit_rate 20k;
root html/pc;
}
}
[root@CentOS7-01 download]#ls /apps/nginx/html/pc/download/ #該目錄下不能有index.html文件
README.md ubuntu-18.04.3-server-amd64.iso
[root@CentOS7-01 download]#systemctl reload nginx
訪問測試,如下圖
client_max_body_size 1m; #設置允許客戶端上傳單個?件的最?值,默認值為1m
client_body_buffer_size size; #?于接收每個客戶端請求報?的body部分的緩沖區??;默認16k;超出此??時,其將被暫存到由下?的client_body_temp_path指令所定義的磁盤上的位置
client_body_temp_path path [level1 [level2 [level3]]]; #設定存儲客戶端請求報?的body部分的臨時存儲路徑及??錄結構和數量,?錄名為16進制的數字,使?hash之后的值從后往前截取1位、2位、2位作為?件名
1級?錄占1位16進制,即2^4=16個?錄 0-f
2級?錄占2位16進制,即2^8=256個?錄 00-ff
3級?錄占2位16進制,即2^8=256個?錄 00-ff
配置?例:
client_max_body_size 10m;
client_body_buffer_size 16k;
client_body_temp_path /data/nginx/temp 1 2 2; #reload Nginx會?動創建temp?錄keepalive_disable none | browser ...;
例如:禁用ie6瀏覽器,在配置文件中添加如下參數,可以在http,server,location塊配置
keepalive_disable msie6;limit_except method ... { ... } ;
method:GET,HEAD,POST,PUT,DELETE,MKCOL,COPY,MOVE,OPTIONS,PROPFIND,PROPPATCH,LOCK,UNLOCK,PATCH
# 限制僅允許192.168.7.0網段的客戶端使用指定的GET和HEAD方法
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location /pc {
root html;
limit_except GET {
allow 192.168.7.0/24;
deny all;
}
}
}
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#curl -XPUT /etc/issue pc.hechunping.tech/pc
curl: (3) <url> malformed
<html>
<head><title>403 Forbidden</title></head> #nginx拒絕上傳
<body>
<center><h2>403 Forbidden</h2></center>
<hr><center>nginx</center>
</body>
</html>
# 注釋掉限制指定方法的配置
[root@CentOS7-01 ~]#cat /apps/nginx/conf/vhosts/pc.conf
server {
listen 80;
server_name pc.hechunping.tech;
location /pc {
root html;
#limit_except GET {
# allow 192.168.7.0/24;
# deny all;
#}
}
}
[root@CentOS7-01 ~]#systemctl reload nginx
[root@CentOS7-01 ~]#curl -XPUT /etc/issue pc.hechunping.tech/pc
curl: (3) <url> malformed
<html>
<head><title>405 Not Allowed</title></head> #nginx已經允許,但是程序未支持上傳功能
<body>
<center><h2>405 Not Allowed</h2></center>
<hr><center>nginx</center>
</body>
</html>linux 2.6以上內核提供以下?個系統調?來?持aio:
1、SYS_io_setup:建?aio的context
2、SYS_io_submit: 提交I/O操作請求
3、SYS_io_getevents:獲取已完成的I/O事件
4、SYS_io_cancel:取消I/O操作請求
5、SYS_io_destroy:毀銷aio的contextdirectio size | off; #操作完全和aio相反,aio是讀取?件?directio是寫?件到磁盤,啟?直接I/O,默認為關閉,當?件?于等于給定??時,例如directio 4m,同步(直接)寫磁盤,??寫緩存。open_file_cache off; #是否緩存打開過的?件信息
open_file_cache max=N [inactive=time];
nginx可以緩存以下三種信息:
1) ?件元數據:?件的描述符、?件??和最近?次的修改時間
2) 打開的?錄結構
3) 沒有找到的或者沒有權限訪問的?件的相關信息
max=N:可緩存的緩存項上限數量;達到上限后會使?LRU(Least recently used,最近最少使?)算法實現管理
inactive=time:緩存項的?活動時?,在此處指定的時?內未被命中的或命中的次數少于
open_file_cache_min_uses指令所指定的次數的緩存項即為?活動項,將被刪除open_file_cache_min_uses number; #默認值為1open_file_cache_errors on | off; #默認值為offopen_file_cache_valid time; #默認值為60s
open_file_cache max=10000 inactive=60s; #最?緩存10000個?件,?活動數據超時時?60s
open_file_cache_valid 60s; #每間隔60s檢查?下緩存數據有效性
open_file_cache_min_uses 5; #60秒內?少被命中訪問5次才被標記為活動數據
open_file_cache_errors on; #緩存錯誤信息server_tokens off; #默認為on
訪問測試
默認值時的結果
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech
HTTP/1.1 200 OK
Server: nginx/1.16.1
...
設置為off后的結果,添加在http塊的全局配置
[root@CentOS7-01 ~]#curl -I pc.hechunping.tech
HTTP/1.1 200 OK
Server: nginx
...免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
