Home>

Overview

Installation and use

installation

Compile nginx from source

windows installation

use

nginx configuration in action

http reverse proxy configuration

Load balancing configuration

Website has multiple webapp configurations

https reverse proxy configuration

reference

Overview

What is nginx?

nginx (engine x) is a lightweight web server, reverse proxy server and email (imap/pop3) proxy server.

What is a reverse proxy?

Reverse proxyThe method is to use a proxy server to accept connection requests on the Internet.Then forward the request to a server on the internal network,And return the result obtained from the server to the client requesting connection on the internet,At this time, the proxy server behaves as a reverse proxy server.

Refer to the example below:

Installation and use

installation

The release version is divided into linux and windows versions.

You can also download the source code,Run after compilation.

Compile nginx from source

After decompressing the source code,Run the following command in the terminal:

./configure
make
sudo make install

by default,nginx will be installed at/usr/local/nginx. By setting compilation options,You can change this setting.

windows installation

In order to install nginx/win32, you need to download it first.Then decompress it,Then run it.The following uses the root directory of the C drive as an example:

cd c:
cd c:\ nginx-0.8.54 start nginx

nginx/win32 is a console program,Not windows service.The server method is still under development.

use

The use of nginx is relatively simple,Just a few commands.

The commonly used commands are as follows:

nginx -s stop close nginx quickly, may not save related information,And quickly terminate the web service.

nginx -s quit close nginx smoothly, save related information,Scheduled end of web services.

nginx -s reload due to changes in nginx related configuration,Need to reload configuration and reload.

nginx -s reopen reopens the log file.

nginx -c filename specifies a configuration file for nginx,To replace the default.

nginx -t does not run, but only tests the configuration file.nginx will check the syntax of the configuration file for correctness,And try to open the file referenced in the configuration file.

nginx -v displays the version of nginx.

nginx -v displays nginx version, compiler version and configuration parameters.

If you don't want to type the command every time,You can add a startup batch file startup.bat to the nginx installation directory and double-click it to run.The contents are as follows:

@echo off
rem If nginx has been started and the pid file is recorded before starting, it will kill the specified process
nginx.exe -s stop
rem test configuration file syntax correctness
nginx.exe -t -c conf/nginx.conf
rem display version information
nginx.exe -v
rem starts nginx according to the specified configuration
nginx.exe -c conf/nginx.conf

nginx configuration in action

I always think thatThe configuration of various development tools is still described in combination with actual combat.Makes it easier to understand.

http reverse proxy configuration

Let's first achieve a small goal:without considering complex configurations,Just complete an http reverse proxy.

The nginx.conf configuration file is as follows:

Note:conf/nginx.conf is the default configuration file for nginx.You can also specify your configuration file using nginx -c

#Run user
#user somebody;
#Start process,Usually set to equal the number of CPUs
worker_processes 1;
#Global error log
error_log d:/tools/nginx-1.10.1/logs/error.log;
error_log d:/tools/nginx-1.10.1/logs/notice.log notice;
error_log d:/tools/nginx-1.10.1/logs/info.log info;
#pid file, record the process id of the currently started nginx
pid d:/tools/nginx-1.10.1/logs/nginx.pid;
#Working mode and maximum number of connections
events {
  worker_connections 1024;#Maximum number of concurrent connections for a single background worker process
}
#Set the http server and use its reverse proxy function to provide load balancing support
http {
  #Set mime type (mail support type), the type is defined by the mime.types file
  include d:/tools/nginx-1.10.1/conf/mime.types;
  default_type application/octet-stream;
  #Set log
  log_format main "[$remote_addr]-[$remote_user] [$time_local]" $request ""
           "$status $body_bytes_sent" $http_referer ""
           "" $http_user_agent "" $http_x_forwarded_for "";
  access_log d:/tools/nginx-1.10.1/logs/access.log main;
  rewrite_log on;
  The #sendfile directive specifies whether nginx calls the sendfile function (zero copy method) to output the file,For general applications,  #Must be set to on, if used to download applications such as download disk io heavy load applications,Can be set to off to balance disk and network i/o processing speed,Reduce system uptime.
  sendfile on;
  #tcp_nopush on;
  #Connection timeout
  keepalive_timeout 120;
  tcp_nodelay on;
  #gzip compression switch
  #gzip on;
  #Set the actual server list
  upstream zp_server1 {
    server 127.0.0.1:8089;
  }
  #httpserver
  server {
    #Listen on port 80, port 80 is a well-known port number,For http protocol
    listen 80;
    #Define access using www.xx.com
    server_name www.helloworld.com;
    #Home
    index index.html
    #Directory to webapp
    root d:\ 01_workspace \ project \ github \ zp \ springnotes \ spring-security \ spring-shiro \ src \ main \ webapp;
    #Encoding format
    charset utf-8;
    #Proxy configuration parameters
    proxy_connect_timeout 180;
    proxy_send_timeout 180;
    proxy_read_timeout 180;
    proxy_set_header host $host;
    proxy_set_header x-forwarder-for $remote_addr;
    #Reverse proxy path (bound to upstream), set the mapped path after location
    location/{
      proxy_pass http://zp_server1;
    }
    #Static file,nginx handles itself
    location ~ ^/(images | javascript | js | css | flash | media | static)/{
      root d:\ 01_workspace \ project \ github \ zp \ springnotes \ spring-security \ spring-shiro \ src \ main \ webapp \ views;
      #Expiration 30 days, static files are not updated very much,Expiry can be set a bit larger,If updated frequently,You can set it smaller.
      expires 30d;
    }
    #Set the address to view the status of nginx
    location/nginxstatus {
      stub_status on;
      access_log on;
      auth_basic "nginxstatus";
      auth_basic_user_file conf/htpasswd;
    }
    #Forbidden to access .htxxx files
    location ~ /\.ht {
      deny all;
    }
    #Error handling page (optionally configurable)
    #error_page 404 /404.html;
    #error_page 500 502 503 504 /50x.html;
    #location=/50x.html {
    #root html;
    #}
  }
}

OK, let's try it:

1. Start the webapp, and note that the port to start binding must be consistent with the port set by upstream in nginx.

2. Change host:add a dns record to the host file in the c:\ windows \ system32 \ drivers \ etc directory

127.0.0.1 www.helloworld.com

3. Start the startup.bat command in the previous article

4. Visit www.helloworld.com in your browser, no surprise,Already accessible.

Load balancing configuration

In the previous example,The proxy just points to a server.

However, in the actual operation of the website,Most of the time, there are multiple servers running the same app, and you need to use load balancing to offload.

nginx can also implement simple load balancing functions.

Assume such an application scenario:the application is deployed on three Linux servers in 192.168.1.11:80, 192.168.1.12:80, and 192.168.1.13:80.The website domain name is www.helloworld.com, and the public IP is 192.168.1.11. Deploy nginx on the server where the public IP is located to load balance all requests.

The nginx.conf configuration is as follows:

http {
   #Set mime type, the type is defined by mime.type file
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  #Set log format
  access_log /var/log/nginx/access.log;
  #Set load balanced server list
  upstream load_balance_server {
    The #weigth parameter represents the weight,The higher the weight, the greater the chance of being assigned
    server 192.168.1.11:80 weight=5;
    server 192.168.1.12:80 weight=1;
    server 192.168.1.13:80 weight=6;
  }
  #httpserver
  server {
    #Listen to port 80
    listen 80;
    #Define access using www.xx.com
    server_name www.helloworld.com;
    #Load balancing requests for all requests
    location/{
      root/root;#Define the server's default website root directory location
      index index.html index.htm;#Define the name of the home index file
      proxy_pass http://load_balance_server;#Request goes to the server list defined by load_balance_server
      #The following is the configuration of some reverse proxy (optional configuration)
      #proxy_redirect off;
      proxy_set_header host $host;
      proxy_set_header x-real-ip $remote_addr;
      #The back-end web server can obtain the user's real IP through x-forwarded-for
      proxy_set_header x-forwarded-for $remote_addr;
      proxy_connect_timeout 90;#nginx connection timeout time with backend server (proxy connection timeout)
      proxy_send_timeout 90;#Backend server data return time (proxy send timeout)
      proxy_read_timeout 90;#After successful connection,Backend server response time (proxy receive timeout)
      proxy_buffer_size 4k;#Set the buffer size of the proxy server (nginx) to save user header information
      proxy_buffers 4 32k;#proxy_buffers buffer, if the average web page is below 32k,Set like this
      proxy_busy_buffers_size 64k;#Buffer size under high load (proxy_buffers * 2)
      proxy_temp_file_write_size 64k;#Set the cache folder size,Greater than this value,Will be passed from the upstream server
      client_max_body_size 10m;#Maximum number of single file bytes allowed by the client
      client_body_buffer_size 128k;#The maximum number of bytes that the buffer proxy buffers for the client request
    }
  }
}

Website has multiple webapp configurations

As a website becomes more and more feature-rich,It is often necessary to strip out some relatively independent functions.Independent maintenance.In this case,Usually, there will be multiple webapps.

For example:if the site has several webapps, finance (finance), product (product), admin (user center). The way to access these applications is distinguished by context:

we know,The default port number of http is 80. If you start these three webapp applications on one server at the same time, all use port 80, which will definitely not work.Therefore, these three applications need to be bound to different port numbers.

So here comes the problem,When a user actually visits a site, they visit different webapps, and they will never visit it with the corresponding port number.So again you need to use a reverse proxy for processing.

Configuration is not difficult,Let's see how to do it:

http {
  #Omit some basic configuration here
  upstream product_server {
    server www.helloworld.com:8081;
  }
  upstream admin_server {
    server www.helloworld.com:8082;
  }
  upstream finance_server {
    server www.helloworld.com:8083;
  }
  server {
    #Omit some basic configuration here
    #Default point to product's server
    location/{
      proxy_pass http://product_server;
    }
    location/product/{
      proxy_pass http://product_server;
    }
    location/admin/{
      proxy_pass http://admin_server;
    }
    location/finance/{
      proxy_pass http://finance_server;
    }
  }
}

https reverse proxy configuration

Some sites with high security requirements,May use https (a secure http protocol using SSL communication standard).

There is no popular http protocol and SSL standard here. However, there are a few things to know about configuring https with nginx:

The fixed port number of https is 443, which is different from the 80 port of http

SSL standards need to introduce security certificates,So in nginx.conf you need to specify the certificate and its corresponding key

Others are basically the same as http reverse proxy,It's just a little different in the server configuration.

#httpserver
 server {
   #Listen on port 443. 443 is a well-known port number,Mainly used for https protocol
   listen 443 ssl;
   #Define access using www.xx.com
   server_name www.helloworld.com;
   #sslCertificate file location (common certificate file format is:crt/pem)
   ssl_certificate cert.pem;
   #sslCertificate key location
   ssl_certificate_key cert.key;
   #sslConfiguration parameters (optional configuration)
   ssl_session_cache shared:ssl:1m;
   ssl_session_timeout 5m;
   #digital signature,Use md5 here
   ssl_ciphers high:! anull:! md5;
   ssl_prefer_server_ciphers on;
   location/{
     root/root;
     index index.html index.htm;
   }
 }
  • Previous C # traverse all pictures in the folder subdirectory and traverse the files in the folder
  • Next C # using three usage methods